CVE-2021-29645
CVE-2021-29645 is a high-severity vulnerability in Hitachi It Operations Director with a CVSS 3.x base score of 7.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 3.x base score 7.0)
- CVSS v2: 4.6
- EPSS exploit prediction: 0% (12th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Hitachi It Operations Director
- Published:
- Last modified:
Description
Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
Frequently asked questions
- What is CVE-2021-29645?
- Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. An attacker who exploits this issue could execute arbitrary code on the local system.
- How severe is CVE-2021-29645?
- CVE-2021-29645 has a CVSS 3.x base score of 7.0, rated high severity. It is exploitable over local access with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2021-29645 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (12th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-29645?
- CVE-2021-29645 primarily affects Hitachi It Operations Director. In total, 14 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-29645?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2021-29645 published?
- CVE-2021-29645 was published on 2021-10-12 and last updated on 2026-06-17.
References
Affected products (14)
- cpe:2.3:a:hitachi:it_operations_director:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management-manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:job_management_partner_1\/it_desktop_management_2-manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:job_management_partner_1\/remote_control_agent:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:job_management_partner_1\/software_distribution_client:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:job_management_partner_1\/software_distribution_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/it_desktop_management-manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/it_desktop_management_2-manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/it_desktop_management_2-operations_director:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/netm\/dm_client:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/netm\/dm_client-remote_control_feature:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/netm\/dm_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/netm\/remote_control_feature:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:jp1\/remote_control_feature:*:*:*:*:*:*:*:*
More vulnerabilities in Hitachi It Operations Director
- CVE-2013-4697 — Critical (CVSS 9.0): Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51…
- CVE-2021-29644 — High (CVSS 8.1): Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerability because of an…
- CVE-2012-4276 — Medium (CVSS 5.0): Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows…
- CVE-2012-4275 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before…
- CVE-2012-0919 — Medium (CVSS 4.3): Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through…