cvedb.io
CVE-2021-41573
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-09-29T18:15:09.967 · Last modified 2026-06-17T04:08:40.347

Summary

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link .

Affected products

hitachi — content_platform_anywhere

Does this affect you?

Add your gear to cvedb and we'll alert you only when hitachi ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.