CVERadar

CVE-2024-0715

Medium Severity

Hitachi

SVRS

30/100

CVSSv3

9.8/10

EPSS

0.00397/1

CVE-2024-0715: Expression Language Injection vulnerability in Hitachi Global Link Manager. This flaw allows for potentially malicious code injection. The vulnerability exists in Hitachi Global Link Manager versions prior to 8.8.7-03, impacting Windows systems. While the CVSS score is high at 9.8, the SOCRadar Vulnerability Risk Score (SVRS) is 30, suggesting a lower real-world threat level compared to the CVSS. However, exploitation could lead to unauthorized code execution, potentially compromising the affected system. Organizations using Hitachi Global Link Manager should prioritize updating to the latest version to mitigate this critical risk. Even with a lower SVRS score, the presence of "In The Wild" indicates active exploitation attempts.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-0715 | Hitachi Global Link Manager prior 8.8.7-03 on Windows Expression Language expression language injection (hitachi-sec-2024-112)

vuldb.com2025-02-13

CVE-2024-0715 | Hitachi Global Link Manager prior 8.8.7-03 on Windows Expression Language expression language injection (hitachi-sec-2024-112) | A vulnerability, which was classified as critical, was found in Hitachi Global Link Manager on Windows. This affects an unknown part of the component Expression Language Handler. The manipulation leads to improper neutralization of special elements used in an expression language statement. This vulnerability is uniquely identified as <a href="https://vuldb.com

vuldb.com

rss

forum

news

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type	Vendor	Product
App	Hitachi	global_link_manager

References

Reference	Link
[email protected]	https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html
AF854A3A-2127-422B-91AE-364DA2661108	https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html
[email protected]	https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html

CWE Details

CWE ID	CWE Name	Description
CWE-917	Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence