Hitachi Ops Center Analyzer up to 11.0.1-00 RAID Agent missing origin validation in websockets
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Hitachi Ops Center Analyzer. It has been declared as critical. This impacts an unknown function of the component RAID Agent Component. The manipulation results in missing origin validation in websockets. This vulnerability is reported as CVE-2024-8201. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Hitachi Ops Center Analyzer. Affected is some unknown processing of the component RAID Agent Component. The manipulation with an unknown input leads to a missing origin validation in websockets vulnerability. CWE is classifying the issue as CWE-1385. The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.
The advisory is shared for download at hitachi.com. This vulnerability is traded as CVE-2024-8201 since 08/27/2024. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.
Upgrading to version 11.0.4-00 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2024-54549). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.hitachi.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 5.4
CNA Vector (Hitachi): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Missing origin validation in websocketsCWE: CWE-1385 / CWE-346 / CWE-345
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Ops Center Analyzer 11.0.4-00
Timeline
08/27/2024 🔍05/16/2025 🔍
05/16/2025 🔍
05/16/2025 🔍
Sources
Vendor: hitachi.comAdvisory: sec-2025-116
Status: Confirmed
CVE: CVE-2024-8201 (🔍)
GCVE (CVE): GCVE-0-2024-8201
GCVE (VulDB): GCVE-100-309252
EUVD: 🔍
Entry
Created: 05/16/2025 09:00Updated: 05/16/2025 11:54
Changes: 05/16/2025 09:00 (64), 05/16/2025 11:54 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.