Skip to main content

Hitachi Ops Center Analyzer

2 CVEs product

Monthly

CVE-2026-3314 MEDIUM PATCH This Month

Password field masking is absent in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor, exposing plaintext credentials to anyone with physical or visual access to the UI. Affected components include the detail view, probe modules, and Analytics probe modules across a wide version range. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation probability.

Information Disclosure Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer Viewpoint Hitachi Infrastructure Analytics Advisor
NVD VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-2072 HIGH PATCH This Week

A Cross-Site Scripting (XSS) vulnerability exists in the Analytics probe component of Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. The flaw allows authenticated attackers with low privileges to execute malicious scripts in users' browsers, potentially leading to high confidentiality impact, low integrity impact, and low availability impact due to the changed scope (CVSS 8.2). There is no current indication of active exploitation (not in CISA KEV) or publicly available proof-of-concept code.

XSS Hitachi Infrastructure Analytics Advisor Hitachi Ops Center Analyzer
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Password field masking is absent in Hitachi Ops Center Analyzer, Ops Center Analyzer viewpoint, and Hitachi Infrastructure Analytics Advisor, exposing plaintext credentials to anyone with physical or visual access to the UI. Affected components include the detail view, probe modules, and Analytics probe modules across a wide version range. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) reflects negligible automated exploitation probability.

Information Disclosure Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer Viewpoint +1
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

A Cross-Site Scripting (XSS) vulnerability exists in the Analytics probe component of Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. The flaw allows authenticated attackers with low privileges to execute malicious scripts in users' browsers, potentially leading to high confidentiality impact, low integrity impact, and low availability impact due to the changed scope (CVSS 8.2). There is no current indication of active exploitation (not in CISA KEV) or publicly available proof-of-concept code.

XSS Hitachi Infrastructure Analytics Advisor Hitachi Ops Center Analyzer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy