CVE-2022-41552 CRITICAL

CVE-2022-41552: Server-Side Request Forgery Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

Vendor Hitachi

Product Hitachi Infrastructure Analytics Advisor

Weakness CWE-918 · SSRF

Published November 1, 2022

Last update May 1, 2025

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.

Key dates

02Disclosure timeline

November 1, 2022 CVE published

May 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41552

Related vulnerabilities

Identifiers

CVE CVE-2022-41552

CWE CWE-918

CVSS 9.8 / CRITICAL

Affected versions

Vendor Hitachi

Product Hitachi Infrastructure Analytics Advisor

Affected ≥ 2.0.0-00 and ≤ 4.4.0-00

Vendor Hitachi

Product Hitachi Ops Center Analyzer

Affected ≥ 10.0.0-00 and < 10.9.0-00

CVE-2022-41552: Server-Side Request Forgery Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

01Description

02Disclosure timeline

03References

04Related CVE