CVE-2021-28052
HIGHHitachi Content Platform <8.3.7, <9.0.0-9.2.3 - Privilege Escalation
Title source: llmDescription
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.hitachi.com/hirt/hitachi-sec/2021/604.html
Vendor Advisory x_refsource_misc
https://knowledge.hitachivantara.com/Security/HCP_Multitenancy_Vulnerability
Scores
CVSS v3
7.5
EPSS
0.0066
EPSS Percentile
47.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-264
CWE-862
Status
published
Products (1)
hitach/vantara
< 8.3.7
Published
Sep 26, 2022
Tracked Since
Feb 18, 2026