QSearchQSearch

CVE-2021-41573

7.5 HIGH

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure

Published: 2021-09-29 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-552

Affected products

VendorProduct
hitachicontent_platform_anywhere

Description

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link .

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to extern... (9.1 CRITICAL)
  • CVE-2021-3196 An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0 (8.8 HIGH)

Same CWE

  • CVE-2025-14771 Files or directories accessible to external parties vulnerability in ABB T-MAC Plus (9.9 CRITICAL)
  • CVE-2026-45543 Nextcloud is an open source content collaboration platform (5.3 MEDIUM)
  • CVE-2026-40425 The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to auth... (5.7 MEDIUM)
  • CVE-2026-45088 Dalfox is a powerful open-source XSS scanner and utility focused on automation (7.5 HIGH)
  • CVE-2024-56462 IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be rest... (7.2 HIGH)