CVE-2023-3440

File and Directory Permission Vulnerability in JP1/Performance Management

Description

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

Category

8.4
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.09%
Vendor Advisory hitachi.com
Affected: Hitachi JP1/Performance Management - Manager
Affected: Hitachi JP1/Performance Management - Base
Affected: Hitachi JP1/Performance Management - Agent Option for Application Server
Affected: Hitachi JP1/Performance Management - Agent Option for Enterprise Applications
Affected: Hitachi JP1/Performance Management - Agent Option for HiRDB
Affected: Hitachi JP1/Performance Management - Agent Option for IBM Lotus Domino
Affected: Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server
Affected: Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server
Affected: Hitachi JP1/Performance Management - Agent Option for Microsoft(R) SQL Server
Affected: Hitachi JP1/Performance Management - Agent Option for Oracle
Affected: Hitachi JP1/Performance Management - Agent Option for Platform
Affected: Hitachi JP1/Performance Management - Agent Option for Service Response
Affected: Hitachi JP1/Performance Management - Agent Option for Transaction System
Affected: Hitachi JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server
Affected: Hitachi JP1/Performance Management - Remote Monitor for Oracle
Affected: Hitachi JP1/Performance Management - Remote Monitor for Platform
Affected: Hitachi JP1/Performance Management - Remote Monitor for Virtual Machine
Affected: Hitachi JP1/Performance Management - Agent Option for Domino
Affected: Hitachi JP1/Performance Management - Agent Option for IBM WebSphere Application Server
Affected: Hitachi JP1/Performance Management - Agent Option for IBM WebSphere MQ
Affected: Hitachi JP1/Performance Management - Agent Option for JP1/AJS3
Affected: Hitachi JP1/Performance Management - Agent Option for OpenTP1
Affected: Hitachi JP1/Performance Management - Agent Option for Oracle WebLogic Server
Affected: Hitachi JP1/Performance Management - Agent Option for uCosminexus Application Server
Affected: Hitachi JP1/Performance Management - Agent Option for Virtual Machine
Published at:
Updated at:

References

Link Tags
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-3440?
CVE-2023-3440 has been scored as a high severity vulnerability.
How to fix CVE-2023-3440?
To fix CVE-2023-3440, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-3440 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-3440 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3440?
CVE-2023-3440 affects Hitachi JP1/Performance Management - Manager, Hitachi JP1/Performance Management - Base, Hitachi JP1/Performance Management - Agent Option for Application Server, Hitachi JP1/Performance Management - Agent Option for Enterprise Applications, Hitachi JP1/Performance Management - Agent Option for HiRDB, Hitachi JP1/Performance Management - Agent Option for IBM Lotus Domino, Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server, Hitachi JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server, Hitachi JP1/Performance Management - Agent Option for Microsoft(R) SQL Server, Hitachi JP1/Performance Management - Agent Option for Oracle, Hitachi JP1/Performance Management - Agent Option for Platform, Hitachi JP1/Performance Management - Agent Option for Service Response, Hitachi JP1/Performance Management - Agent Option for Transaction System, Hitachi JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server, Hitachi JP1/Performance Management - Remote Monitor for Oracle, Hitachi JP1/Performance Management - Remote Monitor for Platform, Hitachi JP1/Performance Management - Remote Monitor for Virtual Machine, Hitachi JP1/Performance Management - Agent Option for Domino, Hitachi JP1/Performance Management - Agent Option for IBM WebSphere Application Server, Hitachi JP1/Performance Management - Agent Option for IBM WebSphere MQ, Hitachi JP1/Performance Management - Agent Option for JP1/AJS3, Hitachi JP1/Performance Management - Agent Option for OpenTP1, Hitachi JP1/Performance Management - Agent Option for Oracle WebLogic Server, Hitachi JP1/Performance Management - Agent Option for uCosminexus Application Server, Hitachi JP1/Performance Management - Agent Option for Virtual Machine.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.