CVE-2020-36695: File and Directory Permission Vulnerability in Hitachi Command Suite
First published: Tue Jul 18 2023(Updated: )
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.
Credit: hirt@hitachi.co.jp hirt@hitachi.co.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hitachi Compute Systems Manager | <8.8.3-08 | |
| Hitachi Device Manager | <8.8.5-02 | |
| Hitachi Replication Manager | <8.8.5-02 | |
| Hitachi Tiered Storage Manager | <8.8.5-02 | |
| Hitachi Tuning Manager | <8.8.5-02 | |
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-36695.
Which software products are affected by this vulnerability?
The affected software products include Hitachi Compute Systems Manager, Hitachi Device Manager, Hitachi Replication Manager, Hitachi Tiered Storage Manager, and Hitachi Tuning Manager.
What is the severity of CVE-2020-36695?
The severity of CVE-2020-36695 is high with a CVSS score of 7.8.
How can I fix the Incorrect Default Permissions vulnerability in Hitachi software?
To fix the vulnerability, it is recommended to update the affected Hitachi software products to version 8.8.5-02 or above.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following link: https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- vendor/hitachi
- canonical/hitachi compute systems manager
- canonical/hitachi device manager
- canonical/hitachi replication manager
- canonical/hitachi tiered storage manager
- canonical/hitachi tuning manager
- vendor/linux
- canonical/linux linux kernel