Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2023-3440

Disclosure Date: October 03, 2023
CVE-2023-3440 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management – Manager: from 09-00 before 12-50-07; JP1/Performance Management – Base: from 09-00 through 10-50-; JP1/Performance Management – Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management – Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management – Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management – Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management – Agent Option for Microsoft® Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management – Agent Option for Microsoft® Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management – Agent Option for Microsoft® SQL Server: from 09-00 before 12-50-07; JP1/Performance Management – Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management – Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management – Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management – Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management – Remote Monitor for Microsoft® SQL Server: from 09-00 before 12-50-07; JP1/Performance Management – Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management – Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management – Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management – Agent Option for Domino: from 09-00 through 09-00-; JP1/Performance Management – Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-; JP1/Performance Management – Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-; JP1/Performance Management – Agent Option for JP1/AJS3: from 09-00 through 10-00-; JP1/Performance Management – Agent Option for OpenTP1: from 09-00 through 10-00-; JP1/Performance Management – Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-; JP1/Performance Management – Agent Option for uCosminexus Application Server: from 09-00 through 10-00-; JP1/Performance Management – Agent Option for Virtual Machine: from 09-00 through 09-01-*.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
JP1/Performance Management - Manager not down converted
JP1/Performance Management - Base 10-50-*
JP1/Performance Management - Agent Option for Application Server not down converted
JP1/Performance Management - Agent Option for Enterprise Applications not down converted
JP1/Performance Management - Agent Option for HiRDB not down converted
JP1/Performance Management - Agent Option for IBM Lotus Domino not down converted
JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server not down converted
JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server not down converted
JP1/Performance Management - Agent Option for Microsoft(R) SQL Server not down converted
JP1/Performance Management - Agent Option for Oracle not down converted
JP1/Performance Management - Agent Option for Platform not down converted
JP1/Performance Management - Agent Option for Service Response not down converted
JP1/Performance Management - Agent Option for Transaction System not down converted
JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server not down converted
JP1/Performance Management - Remote Monitor for Oracle not down converted
JP1/Performance Management - Remote Monitor for Platform not down converted
JP1/Performance Management - Remote Monitor for Virtual Machine not down converted
JP1/Performance Management - Agent Option for Domino 09-00-*
JP1/Performance Management - Agent Option for IBM WebSphere Application Server 10-00-*
JP1/Performance Management - Agent Option for IBM WebSphere MQ 10-00-*
JP1/Performance Management - Agent Option for JP1/AJS3 10-00-*
JP1/Performance Management - Agent Option for OpenTP1 10-00-*
JP1/Performance Management - Agent Option for Oracle WebLogic Server 10-00-*
JP1/Performance Management - Agent Option for uCosminexus Application Server 10-00-*
JP1/Performance Management - Agent Option for Virtual Machine 09-01-*
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis