CVE-2022-2155
Description
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in the implementation of the access control mechanism for the “Limited Engineer” role, which grants that role access to the embedded Power BI reports feature. An attacker who manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer.
Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker.
Affected versions
- Lumada APM on-premises version 6.0.0.0 – 6.4.0.*
List of CPEs:
- cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*