Hitachi Virtual Storage Platform One Block 26
Monthly
Remote command injection in Hitachi Virtual Storage Platform One Block versions 23, 24, 26, and 28 allows unauthenticated attackers to execute arbitrary OS commands through the management GUI maintenance utility. The vulnerability affects the DKCMAIN and ESM components prior to versions A3-04-21-40/00 and A3-04-21/00 respectively. With CVSS 8.1 (High) and network attack vector, this represents significant risk to enterprise storage infrastructure, though AC:H indicates exploitation requires specialized conditions. No active exploitation confirmed (not in CISA KEV) and EPSS data not available at time of analysis.
Remote command injection in Hitachi Virtual Storage Platform One Block versions 23, 24, 26, and 28 allows unauthenticated attackers to execute arbitrary OS commands through the management GUI maintenance utility. The vulnerability affects the DKCMAIN and ESM components prior to versions A3-04-21-40/00 and A3-04-21/00 respectively. With CVSS 8.1 (High) and network attack vector, this represents significant risk to enterprise storage infrastructure, though AC:H indicates exploitation requires specialized conditions. No active exploitation confirmed (not in CISA KEV) and EPSS data not available at time of analysis.