NVD Vulnerability Detail

CVE-2020-36695

Summary	Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.
Publication Date	July 18, 2023, 12:15 p.m.
Registration Date	July 18, 2023, 4 p.m.
Last Update	Nov. 21, 2024, 2:30 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:hitachi:compute_systems_manager::::::::					8.8.3-08
cpe:2.3:a:hitachi:device_manager::::::::					8.8.5-02
cpe:2.3:a:hitachi:replication_manager::::::::					8.8.5-02
cpe:2.3:a:hitachi:tiered_storage_manager::::::::					8.8.5-02
cpe:2.3:a:hitachi:tuning_manager::::::::					8.8.5-02
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html		Vendor Advisory
2	https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html		Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-276	不適切なデフォルトパーミッション	https://cwe.mitre.org/data/definitions/276.html

JVN Vulnerability Information

Hitachi Command Suite 製品におけるファイルおよびディレクトリパーミッションの脆弱性

Title	Hitachi Command Suite 製品におけるファイルおよびディレクトリパーミッションの脆弱性
Summary	Hitachi Command Suite 製品にファイルおよびディレクトリパーミッションの脆弱性 (CVE-2020-36695) が存在します。
Possible impacts	想定される影響については、ベンダ情報をご確認ください。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 18, 2023, midnight
Registration Date	July 19, 2023, 2 p.m.
Last Update	July 19, 2023, 2 p.m.

Affected System

日立

Hitachi Compute Systems Manager

Hitachi Device Manager

Hitachi Replication Manager

Hitachi Tiered Storage Manager

Hitachi Tuning Manager

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-36695	https://www.cve.org/CVERecord?id=CVE-2020-36695

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

ベンダー情報

No	Name	URL
Hitachi Software Vulnerability Information
1	hitachi-sec-2023-124	https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html
ソフトウェア製品セキュリティ情報
2	hitachi-sec-2023-124	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2023-124/index.html

Change Log

No	Changed Details	Date of change
1	[2023年07月19日] 掲載	July 19, 2023, 2 p.m.