Skip to main content

Device Manager

17 CVEs product

Monthly

CVE-2025-5781 MEDIUM This Month

Configuration Manager versions up to 11.0.5-00 is affected by insertion of sensitive information into log file (CVSS 5.2).

Information Disclosure Ops Center Api Configuration Manager Device Manager Configuration Manager
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2025-30025 HIGH PATCH This Week

CVE-2025-30025 is a local privilege escalation vulnerability in the inter-process communication (IPC) protocol between a server process and its service control mechanism, caused by insecure deserialization (CWE-502). An authenticated local attacker with limited privileges can exploit this flaw to escalate to higher privileges, potentially gaining complete system compromise including confidentiality, integrity, and availability impact. While the CVSS score of 7.8 indicates high severity, the local attack vector and requirement for prior authentication mean this affects primarily multi-user systems or scenarios where an attacker has already gained initial local access.

Privilege Escalation Camera Station Pro Device Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30024 MEDIUM PATCH This Month

The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.

Information Disclosure Device Manager
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-30023 CRITICAL PATCH Act Now

CVE-2025-30023 is a critical remote code execution vulnerability in a client-server communication protocol that allows authenticated users to execute arbitrary code on affected systems. The flaw affects users with valid credentials who can access the affected service over an adjacent network segment, potentially compromising confidentiality, integrity, and availability across trust boundaries. While specific product details are limited in the provided data, this represents a high-severity risk requiring immediate patching, particularly if actively exploited or if public proof-of-concept code exists.

RCE Authentication Bypass Camera Station Device Manager Camera Station Pro
NVD
CVSS 3.1
9.0
EPSS
2.3%
CVE-2023-50916 HIGH POC This Week

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Device Manager Windows
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-34143 HIGH This Week

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-34142 HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-31989 MEDIUM This Month

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Device Manager
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2019-17360 HIGH This Week

A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Device Manager Replication Manager Tiered Storage Manager Infrastructure Analytics Advisor +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-11748 HIGH This Week

Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Device Manager
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-14735 HIGH This Week

An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Compute Systems Manager Device Manager Replication Manager Tiered Storage Manager +2
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-9298 MEDIUM This Month

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Device Manager
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-9297 MEDIUM This Month

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Device Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9296 MEDIUM This Month

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Device Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-9295 MEDIUM This Month

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Device Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-9294 CRITICAL Act Now

RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Device Manager
NVD
CVSS 3.0
9.8
EPSS
4.4%
CVE-2015-1565 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Device Manager Replication Manager Tiered Storage Manager Compute Systems Manager +1
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 5.2
MEDIUM This Month

Configuration Manager versions up to 11.0.5-00 is affected by insertion of sensitive information into log file (CVSS 5.2).

Information Disclosure Ops Center Api Configuration Manager Device Manager +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-30025 is a local privilege escalation vulnerability in the inter-process communication (IPC) protocol between a server process and its service control mechanism, caused by insecure deserialization (CWE-502). An authenticated local attacker with limited privileges can exploit this flaw to escalate to higher privileges, potentially gaining complete system compromise including confidentiality, integrity, and availability impact. While the CVSS score of 7.8 indicates high severity, the local attack vector and requirement for prior authentication mean this affects primarily multi-user systems or scenarios where an attacker has already gained initial local access.

Privilege Escalation Camera Station Pro Device Manager
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.

Information Disclosure Device Manager
NVD
EPSS 2% CVSS 9.0
CRITICAL PATCH Act Now

CVE-2025-30023 is a critical remote code execution vulnerability in a client-server communication protocol that allows authenticated users to execute arbitrary code on affected systems. The flaw affects users with valid credentials who can access the affected service over an adjacent network segment, potentially compromising confidentiality, integrity, and availability across trust boundaries. While specific product details are limited in the provided data, this represents a high-severity risk requiring immediate patching, particularly if actively exploited or if public proof-of-concept code exists.

RCE Authentication Bypass Camera Station +2
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Device Manager +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Device Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Device Manager Replication Manager +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Device Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Compute Systems Manager Device Manager +4
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Device Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Device Manager
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Device Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Device Manager
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Device Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Device Manager Replication Manager +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy