A vulnerability exists in the User Asset Group feature of the affected versions of Lumada APM due to a flaw in the implementation of the access control mechanism for the “Limited Engineer” role, which grants that role access to the embedded Power BI reports feature. An attacker who manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer.
Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker.
Affected versions 
  *  Lumada APM on-premises version 6.0.0.0 - 6.4.0.*
List of CPEs: 
  *  cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:*
  *  cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*
                
History
Mon, 07 Apr 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
MITRE
Status: PUBLISHED
Assigner: Hitachi Energy
Published: 2023-01-12T14:01:51.857Z
Updated: 2025-04-07T15:06:41.003Z
Reserved: 2022-06-21T16:47:22.017Z
Link: CVE-2022-2155

Vulnrichment
Updated: 2024-08-03T00:32:07.969Z

NVD
Status: Modified
Published: 2023-01-12T15:15:09.797
Modified: 2024-11-21T07:00:26.363
Link: CVE-2022-2155

Redhat
No data.