JVNDB-2023-003771

[Japanese]
JVNDB-2023-003771
File and Directory Permissions Vulnerability in JP1/Performance Management
Overview
A File and Directory Permissions Vulnerability (CVE-2023-3440) exists in JP1/Performance Management.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 8.4 (High) [Vendor Score] Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

Hitachi, Ltd Hitachi Tuning Manager JP1/Performance Management - Agent Option for Application Server JP1/Performance Management - Agent Option for Domino JP1/Performance Management - Agent Option for Enterprise Applications JP1/Performance Management - Agent Option for HiRDB JP1/Performance Management - Agent Option for IBM Lotus Domino JP1/Performance Management - Agent Option for IBM WebSphere Application Server JP1/Performance Management - Agent Option for IBM WebSphere MQ JP1/Performance Management - Agent Option for JP1/AJS3 JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server JP1/Performance Management - Agent Option for Microsoft(R) SQL Server JP1/Performance Management - Agent Option for OpenTP1 JP1/Performance Management - Agent Option for Oracle JP1/Performance Management - Agent Option for Oracle (R) WebLogic Server JP1/Performance Management - Agent Option for Platform JP1/Performance Management - Agent Option for Service Response JP1/Performance Management - Agent Option for Transaction System JP1/Performance Management - Agent Option for uCosminexus Application Server JP1/Performance Management - Agent Option for Virtual Machine JP1/Performance Management - Base JP1/Performance Management - Manager JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server JP1/Performance Management - Remote Monitor for Oracle JP1/Performance Management - Remote Monitor for Platform JP1/Performance Management - Remote Monitor for Virtual Machine
Please refer to Vendor Information for more details.
Impact
Regarding the impact of the vulnerability, please refer to the vendor advisory.
Solution
Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information
Hitachi, Ltd Hitachi Software Vulnerability Information : hitachi-sec-2023-145 Hitachi Software Vulnerability Information : hitachi-sec-2024-104
CWE (What is CWE?)
No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)
CVE-2023-3440
References
National Vulnerability Database (NVD) : CVE-2023-3440
Revision History
[2023/10/04] Web page was published [2024/01/16] Affected Products : Product was added Vendor Information : Content was added References : Content was added


Date Public	2023/10/03
Date First Published	2023/10/04
Date Last Updated	2023/10/04

File and Directory Permissions Vulnerability in JP1/Performance Management