wid-sec-w-2026-0708 · Published 2026-03-11 · View on BSI CERT-Bund ↗

Hitachi Virtual Storage Platform: Multiple Vulnerabilities

CVSS 9.1 CRITICAL

Risk Summary

In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152.

CVEs (2)

CVE-2023-37364 CVE-2025-7386

Affected Vendors

Hitachi

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more