CVE-2022-4895 HIGH

CVE-2022-4895: Man-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

Vendor Hitachi

Product Hitachi Infrastructure Analytics Advisor

Weakness CWE-295

Published February 28, 2023

Last update March 7, 2025

View on NVD All CVEs

CVSS base score

8.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.

Key dates

02Disclosure timeline

February 28, 2023 CVE published

March 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-4895 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/295.html

Related vulnerabilities

Identifiers

CVE CVE-2022-4895

CWE CWE-295

CVSS 8.6 / HIGH

Affected versions

Vendor Hitachi

Product Hitachi Infrastructure Analytics Advisor

Affected ≥ 2.0.0-00 and ≤ 4.4.0-00

Vendor Hitachi

Product Hitachi Ops Center Analyzer

Affected ≥ 10.0.0-00 and < 10.9.1-00

CVE-2022-4895: Man-in-the-middle attack Vulnerability in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer

01Description

02Disclosure timeline

03References

04Related CVE