QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2023-3440

Back to search

CVE-2023-3440

Published: Oct 3, 2023

Modified: Aug 2, 2024

PUBLISHED

CVSS v3.1

8.4

HIGH

Description

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

VendorProductVersions

Hitachi

JP1/Performance Management - Manager

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-10 - < 12-10-08
affected
12-50 - < 12-50-07

Hitachi

JP1/Performance Management - Base

affected
09-00 - <= 10-50-*

Hitachi

JP1/Performance Management - Agent Option for Application Server

affected
11-00 - < 11-50-16

Hitachi

JP1/Performance Management - Agent Option for Enterprise Applications

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14

Hitachi

JP1/Performance Management - Agent Option for HiRDB

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14

Hitachi

JP1/Performance Management - Agent Option for IBM Lotus Domino

affected
10-00 - < 11-50-16

Hitachi

JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14

Hitachi

JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14

Hitachi

JP1/Performance Management - Agent Option for Microsoft(R) SQL Server

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-50 - < 12-50-07

Hitachi

JP1/Performance Management - Agent Option for Oracle

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-10 - < 12-10-08

Hitachi

JP1/Performance Management - Agent Option for Platform

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-50 - < 12-50-07

Hitachi

JP1/Performance Management - Agent Option for Service Response

affected
09-00 - < 11-50-16

Hitachi

JP1/Performance Management - Agent Option for Transaction System

affected
11-00 - < 11-50-16
affected
12-00 - < 12-00-14

Hitachi

JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-50 - < 12-50-07

Hitachi

JP1/Performance Management - Remote Monitor for Oracle

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-10 - < 12-10-08

Hitachi

JP1/Performance Management - Remote Monitor for Platform

affected
09-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-10 - < 12-10-08

Hitachi

JP1/Performance Management - Remote Monitor for Virtual Machine

affected
10-00 - < 11-50
affected
11-50 - < 11-50-16
affected
12-00 - < 12-00-14
affected
12-10 - < 12-10-08
affected
12-50 - < 12-50-07

Hitachi

JP1/Performance Management - Agent Option for Domino

affected
09-00 - <= 09-00-*

Hitachi

JP1/Performance Management - Agent Option for IBM WebSphere Application Server

affected
09-00 - <= 10-00-*

Hitachi

JP1/Performance Management - Agent Option for IBM WebSphere MQ

affected
09-00 - <= 10-00-*

Hitachi

JP1/Performance Management - Agent Option for JP1/AJS3

affected
09-00 - <= 10-00-*

Hitachi

JP1/Performance Management - Agent Option for OpenTP1

affected
09-00 - <= 10-00-*

Hitachi

JP1/Performance Management - Agent Option for Oracle WebLogic Server

affected
09-00 - <= 10-00-*

Hitachi

JP1/Performance Management - Agent Option for uCosminexus Application Server

affected
09-00 - <= 10-00-*

Hitachi

JP1/Performance Management - Agent Option for Virtual Machine

affected
09-00 - <= 09-01-*

Weaknesses (CWE)

CWE-276

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now