Description
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Published: 2026-03-25
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a web application weakness that allows an attacker to inject arbitrary client‑side script through the Hitachi Infrastructure Analytics Advisor’s Analytics probe component and the Hitachi Ops Center Analyzer. This client‑side code injection can cause the victim’s browser to execute malicious JavaScript, potentially leading to cross‑site request forgery, credential theft, or other session‑related attacks. The weakness is classified as CWE‑79, indicating improper input sanitization in a web context.

Affected Systems

Affected versions are Hitachi Infrastructure Analytics Advisor 10.0.0‑00 up to, but not including, 11.0.5‑00, and Hitachi Ops Center Analyzer 10.0.0‑00 up to, but not including, 11.0.5‑00. These products are used in enterprise infrastructure monitoring and analytics.

Risk and Exploitability

The CVSS base score of 8.2 reflects a high severity risk. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the most likely attack vector is a web‑based input that accepts user data and fails to properly sanitize it, allowing a malicious script to be stored or reflected, requiring an attacker to send a crafted request to the affected system. While the exact prerequisites are not disclosed, such XSS bugs typically require access to the web interface and may succeed without authentication if the input is publicly exposed.

Generated by OpenCVE AI on March 25, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or upgrade to version 11.0.5‑00 or newer for both Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer.
  • Verify that the upgrade has been performed by checking the product version in the administration console.
  • Monitor user reports for unexpected script execution or account takeovers after the update.

Generated by OpenCVE AI on March 25, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Hitachi
Hitachi infrastructure Analytics Advisor
Hitachi ops Center Analyzer
Vendors & Products Hitachi
Hitachi infrastructure Analytics Advisor
Hitachi ops Center Analyzer

Wed, 25 Mar 2026 02:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Analytics probe component), Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00.
Title Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L'}

Subscriptions

Hitachi Infrastructure Analytics Advisor Ops Center Analyzer
cve-icon MITRE

Status: PUBLISHED

Assigner: Hitachi

Published:

Updated: 2026-03-25T13:29:19.385Z

Reserved: 2026-02-06T07:41:41.771Z

Link: CVE-2026-2072

cve-icon Vulnrichment

Updated: 2026-03-25T13:29:15.552Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T03:16:05.850

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-2072

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:15:58Z

Weaknesses