Hitachi 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー、vendor risk xxe、vendor risk open redirect, and vendor risk memory corruption があり、vendor surface production workloads の利用場面で vendor impact unexpected behavior、アプリケーションクラッシュ, and vendor impact memory corruption などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-2255 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, expose Hadoop cluster credentials in plain text through the Cluster Test API. Although the user should not see those explicitly, the defect is mitigated by the fact the user can already leverage those credentials to submit jobs under the same account through the backend API. | [email protected] | 4.3 | 0.17% | 2026-05-27 | 2026-06-18 |
| CVE-2026-2254 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications. | [email protected] | 6.3 | 0.15% | 2026-05-27 | 2026-06-18 |
| CVE-2026-2253 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent certain XML parsers from resolving external entities. | [email protected] | 7.7 | 0.20% | 2026-05-27 | 2026-06-18 |
| CVE-2025-11159 | Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator. | [email protected] | 9.1 | 0.34% | 2026-05-13 | 2026-06-17 |
| CVE-2025-2514 | Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390 | [email protected] | 5.3 | 0.30% | 2026-05-07 | 2026-06-17 |
| CVE-2025-1978 | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage | [email protected] | 8.3 | 0.54% | 2026-05-07 | 2026-06-17 |
| CVE-2025-9661 | OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00. | [email protected] | 8.1 | 0.90% | 2026-05-07 | 2026-06-17 |
| CVE-2025-65116 | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Software Dis | [email protected] | 5.5 | 0.14% | 2026-04-07 | 2026-06-17 |
| CVE-2025-65115 | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Desktop Management - Manager on Windows, JP1/NETM/DM Manager on Windows, JP1/NETM/DM Client on Windows, Job Management Partner 1/Software Distribution Manager on Windows, Job Management Partner 1/Softwa | [email protected] | 8.8 | 0.61% | 2026-04-07 | 2026-06-17 |
| CVE-2025-11158 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE. | [email protected] | 9.1 | 0.38% | 2026-03-10 | 2026-06-17 |
| CVE-2025-0976 | Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00. | [email protected] | 4.7 | 0.16% | 2026-02-25 | 2026-06-17 |
| CVE-2025-5781 | Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking.This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from 8.5.1-00 before 11.0.5-00; Hitachi Device Manager: from 8.4.1-00 before 8.6.5-00. | [email protected] | 5.2 | 0.10% | 2026-02-25 | 2026-06-17 |
| CVE-2024-7125 | Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01. | [email protected] | 7.8 | 0.20% | 2024-08-27 | 2026-06-17 |
| CVE-2024-5828 | Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00. | [email protected] | 8.6 | 0.36% | 2024-08-06 | 2026-06-17 |
| CVE-2024-2819 | Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before 11.0.2-00. | [email protected] | 5.1 | 0.23% | 2024-07-02 | 2026-06-17 |
| CVE-2024-28984 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. | [email protected] | 8.8 | 0.25% | 2024-06-26 | 2026-06-17 |
| CVE-2024-28983 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface. | [email protected] | 8.8 | 0.29% | 2024-06-26 | 2026-06-17 |
| CVE-2024-28982 | Hitachi Vantara Pentaho Business Analytics Server versions before 10.1.0.0 and 9.3.0.7, including 8.3.x do not correctly protect the ACL service endpoint of the Pentaho User Console against XML External Entity Reference. | [email protected] | 7.1 | 0.38% | 2024-06-26 | 2026-06-17 |
| CVE-2023-5617 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered. | [email protected] | 5.3 | 0.36% | 2024-02-28 | 2026-06-17 |
| CVE-2024-0715 | Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03. | [email protected] | 7.6 | 0.54% | 2024-02-20 | 2026-06-17 |