CVE-2023-1995

Summary

Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23,

before 09-66-17,

before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W

, before 09-66-/Q

; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.

Affected Software

VendorProductVersion RangeStatus
HitachiHiRDB Server07-03 < 09-60affected
HitachiHiRDB Server09-60 < 09-60-39affected
HitachiHiRDB Server09-65 < 09-65-23affected
HitachiHiRDB Server09-66 < 09-66-17affected
HitachiHiRDB Server10-00 <= 10-00-*affected
HitachiHiRDB Server10-01 < 10-01-10affected
HitachiHiRDB Server10-02 <= 10-02-*affected
HitachiHiRDB Server10-03 < 10-03-12affected
HitachiHiRDB Server10-04 < 10-04-06affected
HitachiHiRDB Server10-05 < 10-05-06affected
HitachiHiRDB Server10-06 < 10-06-02affected
HitachiHiRDB Server With Addtional Function07-03 < 09-60affected
HitachiHiRDB Server With Addtional Function09-60 < 09-60-2Maffected
HitachiHiRDB Server With Addtional Function09-65 < 09-65-/Waffected
HitachiHiRDB Server With Addtional Function09-66 < 09-66-/Qaffected
HitachiHiRDB Structured Data Access Facility07-03 < 09-60affected
HitachiHiRDB Structured Data Access Facility09-60 < 09-60-39affected
HitachiHiRDB Structured Data Access Facility09-65 <= 09-65-*affected
HitachiHiRDB Structured Data Access Facility09-66 <= 09-66-*affected
HitachiHiRDB Structured Data Access Facility10-00 <= 10-00-*affected
HitachiHiRDB Structured Data Access Facility10-01 <= 10-01-*affected
HitachiHiRDB Structured Data Access Facility10-02 <= 10-02-*affected
HitachiHiRDB Structured Data Access Facility10-03 < 10-03-12affected
HitachiHiRDB Structured Data Access Facility10-04 < 10-04-06affected
HitachiHiRDB Structured Data Access Facility10-05 <= 10-05-*affected
HitachiHiRDB Structured Data Access Facility10-06 < 10-06-02affected

Weaknesses

  • CWE-778: CWE-778 Insufficient Logging

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References