{"api_version":"1","generated_at":"2026-04-23T06:18:54+00:00","cve":"CVE-2020-36605","urls":{"html":"https://cve.report/CVE-2020-36605","api":"https://cve.report/api/cve/CVE-2020-36605.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-36605","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-36605"},"summary":{"title":"CVE-2020-36605","description":"Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.","state":"PUBLIC","assigner":"hirt@hitachi.co.jp","published_at":"2022-11-01 03:15:00","updated_at":"2023-11-07 03:22:00"},"problem_types":["CWE-276"],"metrics":[],"references":[{"url":"https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html","name":"https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html","refsource":"MISC","tags":[],"title":"Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Viewpoint: Software Vulnerability Information: Software: Hitachi","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html","name":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html","refsource":"MISC","tags":[],"title":"Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Viewpoint: Software Vulnerability Information: Software: Hitachi","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-36605","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36605","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"36605","vulnerable":"1","versionEndIncluding":"4.4.0-00","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachi","cpe5":"infrastructure_analytics_advisor","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"36605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachi","cpe5":"ops_center_analyzer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"36605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hitachi","cpe5":"ops_center_viewpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"36605","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"},{"cve_year":"2020","cve_id":"36605","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x64","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2020-36605","ASSIGNER":"hirt@hitachi.co.jp","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-276 Incorrect Default Permissions","cweId":"CWE-276"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Hitachi","product":{"product_data":[{"product_name":"Hitachi Infrastructure Analytics Advisor","version":{"version_data":[{"version_value":"2.0.0-00","version_affected":"="}]}},{"product_name":"Hitachi Ops Center Analyzer","version":{"version_data":[{"version_value":"10.0.0-00","version_affected":"="}]}},{"product_name":"Hitachi Ops Center Viewpoint","version":{"version_data":[{"version_value":"10.8.0-00","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html","refsource":"MISC","name":"https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"advisory":"hitachi-sec-2022-134","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.6,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2022-11-01 03:15:00","lastModifiedDate":"2023-11-07 03:22:00","problem_types":["CWE-276"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":2.5}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachi:infrastructure_analytics_advisor:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0-00","versionEndIncluding":"4.4.0-00","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachi:ops_center_analyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0-00","versionEndExcluding":"10.9.0-00","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hitachi:ops_center_viewpoint:*:*:*:*:*:*:*:*","versionStartIncluding":"10.8.0-00","versionEndExcluding":"10.9.0-00","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}