Hitachi Ops Center API Configuration Manager, Configuration Manager, and Device Manager Session Hijacking Vulnerability

A session hijacking vulnerability has been identified in Hitachi Ops Center API Configuration Manager (versions 10.0.0-00 prior to 11.0.5-00), Hitachi Configuration Manager (versions 8.5.1-00 prior to 11.0.5-00), and Hitachi Device Manager (versions 8.4.1-00 prior to 8.6.5-00). This vulnerability allows session tokens to be improperly stored, potentially leading to unauthorized access.

Impact

Exploitation of this vulnerability could result in session hijacking, allowing an attacker to take over a user's session and potentially gain unauthorized access to the application or its features.

Remediation

Users of Hitachi Device Manager should upgrade to Hitachi Configuration Manager 11.0.5-00 or later. If the REST API functionality is not needed, it is recommended to uninstall Hitachi Configuration Manager. Users of Hitachi Configuration Manager or Hitachi Ops Center API Configuration Manager should upgrade to version 11.0.5-00.