Last Update: September 20, 2022
Vulnerabilitiy has been found in Hitachi Vantara - Hitachi Content Platform.
CVE-2021-28052: Hitachi Content Platform Information Disclosure Vulnerability
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. In both cases, the unauthorized user must know the Namespace UUID of the targeted namespace.
Information Disclosure
Users and administrators are encouraged to upgrade to fixed version.
Masato Terada (HIRT), Naoko Ohnishi (HIRT) and Brian Williams (Hitachi Vantara)