Hitachi Energy Ellipse
Summary
Hitachi Energy's Ellipse product, specifically versions 9.0.50 and prior, is affected by a deserialization vulnerability within the Jasper Report component. This flaw can be exploited by attackers to achieve remote code execution.
IFF Assessment
The vulnerability allows for remote code execution, which is a serious threat to system integrity and availability.
Severity
The CVSS score of 9.8 indicates critical severity: the flaw is exploitable over the network (attack vector: network) without any user interaction, and remote code execution leads to a complete loss of confidentiality, integrity, and availability.
Defender Context
Defenders should prioritize patching or applying mitigations for Hitachi Energy Ellipse versions 9.0.50 and earlier. A key mitigation to prevent exploitation of this deserialization vulnerability is to restrict custom report loading to reports from trusted sources that were generated by administrators.