Skip to main content

Hitachi Infrastructure Analytics Advisor EUVDEUVD-2026-15186

| CVE-2026-2072 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-03-25 Hitachi GHSA-fx3v-mjwv-84rw
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:16 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
11.0.5-00
EUVD ID Assigned
Mar 25, 2026 - 02:45 euvd
EUVD-2026-15186
Analysis Generated
Mar 25, 2026 - 02:45 vuln.today
CVE Published
Mar 25, 2026 - 02:15 nvd
HIGH 8.2

DescriptionCVE.org

Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.

AnalysisAI

A Cross-Site Scripting (XSS) vulnerability exists in the Analytics probe component of Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. The flaw allows authenticated attackers with low privileges to execute malicious scripts in users' browsers, potentially leading to high confidentiality impact, low integrity impact, and low availability impact due to the changed scope (CVSS 8.2). There is no current indication of active exploitation (not in CISA KEV) or publicly available proof-of-concept code.

Technical ContextAI

This vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), commonly known as Cross-Site Scripting. The affected products are Hitachi Infrastructure Analytics Advisor (specifically the Analytics probe component) identified by CPE cpe:2.3:a:hitachi:hitachi_infrastructure_analytics_advisor:*:*:*:*:*:*:*:* and Hitachi Ops Center Analyzer versions from 10.0.0-00 before 11.0.5-00 identified by CPE cpe:2.3:a:hitachi:hitachi_ops_center_analyzer:*:*:*:*:*:*:*:*. These are enterprise infrastructure monitoring and analytics platforms that collect, analyze, and visualize data from storage systems and IT infrastructure. The XSS vulnerability likely exists in web-based dashboard or reporting interfaces where user-supplied input is not properly sanitized before being rendered in the browser, allowing script injection.

RemediationAI

Organizations should upgrade Hitachi Ops Center Analyzer to version 11.0.5-00 or later as specified in the vendor advisory at https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-114/index.html. For Hitachi Infrastructure Analytics Advisor, consult the same advisory for specific patching guidance regarding the Analytics probe component. Until patching is complete, implement defense-in-depth measures including Content Security Policy (CSP) headers to restrict script execution, input validation at application entry points, and Web Application Firewall (WAF) rules to detect and block XSS attempts. Limit access to the analytics interfaces to trusted users and networks, and educate users about the risks of clicking suspicious links or interacting with untrusted content within the application.

Share

EUVD-2026-15186 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy