SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Vantara_hitachi_network_attached_storage | Hitachi | * | 14.8.7825.01 (including) |