Vulnerability Description
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitach | Vantara | < 8.3.7 |
Related Weaknesses (CWE)
References
- https://knowledge.hitachivantara.com/Security/HCP_Multitenancy_VulnerabilityVendor Advisory
- https://www.hitachi.com/hirt/hitachi-sec/2021/604.htmlVendor Advisory
- https://knowledge.hitachivantara.com/Security/HCP_Multitenancy_VulnerabilityVendor Advisory
- https://www.hitachi.com/hirt/hitachi-sec/2021/604.htmlVendor Advisory
FAQ
What is CVE-2021-28052?
CVE-2021-28052 is a vulnerability with a CVSS score of 7.5 (HIGH). A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, ...
How severe is CVE-2021-28052?
CVE-2021-28052 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28052?
Check the references section above for vendor advisories and patch information. Affected products include: Hitach Vantara.