CVE-2021-41573
Summary
| CVE | CVE-2021-41573 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-29 18:15:00 UTC |
| Updated | 2021-10-07 19:07:00 UTC |
| Description | Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link . |
Risk And Classification
Problem Types: CWE-552
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hitachi | Content Platform Anywhere | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Information: Hitachi Incident Response Team : Hitachi | MISC | www.hitachi.com | |
| hitachi-sec-2021-602Hitachi Content Platform Anywhere Information Disclosure Vulnerability : Hitachi Incident Response Team : Hitachi | MISC | www.hitachi.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.