Hitachi Ops Center Analyzer
Monthly
Password field masking is absent in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor, exposing plaintext credentials to anyone with physical or visual access to the UI. Affected components include the detail view, probe modules, and Analytics probe modules across a wide version range. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation probability.
A Cross-Site Scripting (XSS) vulnerability exists in the Analytics probe component of Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. The flaw allows authenticated attackers with low privileges to execute malicious scripts in users' browsers, potentially leading to high confidentiality impact, low integrity impact, and low availability impact due to the changed scope (CVSS 8.2). There is no current indication of active exploitation (not in CISA KEV) or publicly available proof-of-concept code.
Password field masking is absent in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor, exposing plaintext credentials to anyone with physical or visual access to the UI. Affected components include the detail view, probe modules, and Analytics probe modules across a wide version range. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation probability.
A Cross-Site Scripting (XSS) vulnerability exists in the Analytics probe component of Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. The flaw allows authenticated attackers with low privileges to execute malicious scripts in users' browsers, potentially leading to high confidentiality impact, low integrity impact, and low availability impact due to the changed scope (CVSS 8.2). There is no current indication of active exploitation (not in CISA KEV) or publicly available proof-of-concept code.