| Title | Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpointおよびHitachi Ops Center Viewpointにおける複数の脆弱性 |
|---|---|
| Summary | Hitachi Infrastructure Analytics Advisorに以下の脆弱性が存在します。 CVE-2025-48924 Hitachi Ops Center Analyzerに以下の脆弱性が存在します。 CVE-2025-48924 Hitachi Ops Center Analyzer viewpointに以下の脆弱性が存在します。 CVE-2025-48924 Hitachi Ops Center Viewpointに以下の脆弱性が存在します。 CVE-2023-35116, CVE-2025-24970, CVE-2025-25193, CVE-2025-48924, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057 |
| Possible impacts | 想定される影響については、ベンダ情報をご確認ください。 |
| Solution | ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | June 23, 2026, midnight |
| Registration Date | June 25, 2026, 9:25 a.m. |
| Last Update | June 25, 2026, 9:25 a.m. |
| 日立 |
| Hitachi Infrastructure Analytics Advisor (海外販売のみ) Hitachi Infrastructure Analytics Advisor Linux(x64) 11.0.8-00未満 |
| Hitachi Infrastructure Analytics Advisor (海外販売のみ) Hitachi Infrastructure Analytics Advisor Linux(x64) 2.1.0-00以降 |
| Hitachi Infrastructure Analytics Advisor (海外販売のみ) Hitachi Infrastructure Analytics Advisor Windows(x64) 11.0.8-00未満 |
| Hitachi Infrastructure Analytics Advisor (海外販売のみ) Hitachi Infrastructure Analytics Advisor Windows(x64) 2.1.0-00以降 |
| Hitachi Ops Center Analyzer (海外販売のみ) Ops Center Analyzer server Linux(x64) 10.0.0-00以降 |
| Hitachi Ops Center Analyzer (海外販売のみ) Ops Center Analyzer server Linux(x64) 11.0.8-00未満 |
| Hitachi Ops Center Analyzer (海外販売のみ) Ops Center Analyzer server Windows(x64) 10.0.0-00以降 |
| Hitachi Ops Center Analyzer (海外販売のみ) Ops Center Analyzer server Windows(x64) 11.0.8-00未満 |
| Hitachi Ops Center Analyzer viewpoint (海外販売のみ) Linux(x64) 10.0.0-00以降 |
| Hitachi Ops Center Analyzer viewpoint (海外販売のみ) Linux(x64) 11.0.8-00未満 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint data center proxy Linux(x64) 10.8.0-00以降 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint data center proxy Linux(x64) 11.0.8-00未満 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint data center proxy Windows(x64) 10.8.0-00以降 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint data center proxy Windows(x64) 11.0.8-00未満 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint Linux(x64) 10.8.0-00以降 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint Linux(x64) 11.0.8-00未満 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint Windows(x64) 10.8.0-00以降 |
| Hitachi Ops Center Viewpoint (国内販売のみ) Viewpoint Windows(x64) 11.0.8-00未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2026年06月25日] 掲載 |
June 25, 2026, 9:25 a.m. |
| Summary | jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. |
|---|---|
| Publication Date | June 14, 2023, 11:15 p.m. |
| Registration Date | June 15, 2023, 10 a.m. |
| Last Update | Nov. 21, 2024, 5:07 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:* | 2.16.0 | ||||
| Summary | Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually. |
|---|---|
| Publication Date | Feb. 11, 2025, 7:15 a.m. |
| Registration Date | Feb. 12, 2025, 4:01 a.m. |
| Last Update | Feb. 12, 2025, 1:15 a.m. |
| Summary | Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix. |
|---|---|
| Publication Date | Feb. 11, 2025, 7:15 a.m. |
| Registration Date | Feb. 12, 2025, 4:01 a.m. |
| Last Update | Feb. 12, 2025, 1:15 a.m. |
| Summary | Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a Users are recommended to upgrade to version 3.18.0, which fixes the issue. |
|---|---|
| Publication Date | July 12, 2025, 12:15 a.m. |
| Registration Date | July 12, 2025, 4 a.m. |
| Last Update | July 15, 2025, 2:15 a.m. |
| Summary | Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final. |
|---|---|
| Publication Date | Aug. 14, 2025, 12:15 a.m. |
| Registration Date | Aug. 14, 2025, 4 a.m. |
| Last Update | Aug. 14, 2025, 12:15 a.m. |