Cust Letter Shellshock Hitachi
Last Modified: 7-May 2015
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity
Hitachi Data Systems Product Affectivity for Worldwide Security Vulnerabilities
Hitachi Data Systems continuously strives to provide you with the highest quality products and solutions. We take this responsibility very seriously. To this end, we constantly monitor our quality control and storage system test processes to ensure that our products are secure and operating at peak performance. When worldwide security vulnerabilities are identified, our Product Engineering and Global Security teams review with our vendors any potential security threats that the vulnerability may pose within Hitachi Data Systems product and solution offerings. At the completion of the assessment, Hitachi Data Systems releases product statements describing any exposure our customers may have to this issue. Our engineering teams prepare circumvention and software fixes for any product affected to ensure that you are protected. A list of worldwide security vulnerabilities is included in the table below. Click the name of the vulnerability to view the Hitachi Data Systems product affectivity matrix for that issue.
Security Vulnerability
Description
CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability April 22, 2015
CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability March 30, 2015
CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability: The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors.
FREAK vulnerability (CVE-2015-0204) March 4, 2015
CVE-2015-0204-FREAK: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
SAMBA CVE-2015-0240 February 23, 2015
CVE-2015-0240-Samba: A security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client sending specially crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root.
GHOST (CVE-2015-0235) January 27, 2015
CVE-2015-0235-GHOST is a 'buffer overflow' Linux bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability in Linux allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.
NTP (CVE-2014-9293 through CVE-2014-9296) December 22, 2014
Network Time Protocol (NTP) Vulnerability (CVE-2014-9293 through CVE-2014-9296): A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process.
POODLE CVE-2014-3566 September 2014
Padding Oracle On Downgraded Legacy Encryption (POODLE): An attacker who acts as man-in-the-middle can force the SSL/TLS protocol to downgrade to version 3.0 if the attacked application supports this old SSL version. This legacy protocol is not secure. Depending on the application, it may be possible for an adversary to mount attacks that can lead to disclosure of secret data such as passwords or HTTP cookies.
Shellshock CVE-2014-6271 September 24, 2014
Shellshock CVE-2014-6271 (and the related issues CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278): This vulnerability affects UNIX-based Bash (Bourne shell) and has the potential to arbitrarily execute code within UNIX environments. Some native services and applications may allow remote unauthenticated attackers to provide environment variables and exploit this issue.
OpenSSL Heartbleed April 2014
OpenSSL Heartbleed: This is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected under normal conditions by the SSL/TLS encryption used to secure the internet. SSL/TLS provides communication security and privacy over the internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability. Open items are actively updated; please review this table frequently for new details.
(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade
VTL BusTech
Networking Cisco Systems
Networking Emulex
Networking Qlogic
Software Application Protector
Software Arkivio
Software Business Continuity Manager
Software CA Integration Module
Software Clinical Repository - Karos
Software Clinical Repository - Visbion
Software Command Director
Software Compute Systems Manager
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager
Software Dual Active ID
Software Dynamic Link Manager
Software Dynamic Replicator
Software e-Copy
Software IT Operations Analyzer
Software IT Operations Analyzer Advance
Software IT Operations Director
Software IT Operations Integrator
Software IT Operations Repository
Software LPAR
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10
Software SpectraLogic
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2 No No Recommend customer patch OS of management server, if applicable (see Microsoft MS15-034)
Software Storage Optimization for MS SharePoint
Software Storage Services Manager
Software Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters
Software Tiered Storage Manager
Software Tiered Storage Manager for MF
Software Tuning Manager
Software TurboLUN
Software UCP Orchestration Software
Software Virtual Infrastructure Integrator
Software Virtual Tape Library Diligent
VTL Virtual Tape Library FalconStor
Software VMware Adapters
Software Zone Allocation Manager
Systems Adaptable Modular Storage (AMS) No No System does not contain Windows OS.
Systems Adaptable Modular Storage 2000 No No System does not contain Windows OS.
Systems Capacity Optimization
File & Content Content Platform (HCP) No No
File & Content Content Platform Anywhere (HCP-AW) No No
File & Content HCP S Nodes No No
Systems Data Discovery Suite
Systems Data Discovery Suite for MS SharePoint
File & Content Data Ingestor and HNAS Platform F No No HDI and HFSM do not use IIS7, where the vulnerability is found. HDI and HFSM use Hitachi Web Server for web services. If HFSM is installed on a Windows server where IIS7 is already running, an attacker can attack the Windows server through IIS7. In this case, please apply a patch or workaround for the Windows server.
Systems Essential NAS Platform No No System does not contain Windows OS.
Systems Hitachi Universal Storage VM No No System does not use affected versions of Windows OS.
File & Content HUS File Module No No System does not contain Windows OS.
Systems HyperStor
File & Content NAS 3x00 (Titan) No No System does not contain Windows OS.
File & Content NAS 30x0 (Mercury) No No System does not contain Windows OS.
File & Content NAS 4000 Series No No System does not contain Windows OS.
File & Content SMU No No System does not contain Windows OS.
Systems Network Storage Controller (NSC55) No No System does not use affected versions of Windows OS.
Systems Simple Modular Storage (SMS) No No System does not contain Windows OS.
Systems UCP for Microsoft Exchange Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems UCP Select for Microsoft SQL Server Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems UCP Select for Oracle Database Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems UCP Pro (UCP 4000 / 4000e) for VMware vSphere Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems UCP Select for SAP HANA Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems UCP Select for VMware View Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems UCP Select for VMware vSphere Yes Yes ALL Management Stack runs on Windows Server, mitigation under investigation.
Systems Unified Storage File Module (HUS FM) No No System does not contain Windows OS.
Systems Unified Storage (HUS) No No System does not contain Windows OS.
Systems Unified Storage VM (HUS VM) No No System does not use affected versions of Windows OS.
Systems Universal Storage Platform V (USP V) No No System does not use affected versions of Windows OS.
Systems Universal Storage Platform VM (USP VM) No No System does not use affected versions of Windows OS.
Systems Hitachi Virtual Storage Platform G1000 (VSP G1000) No No SVP runs Windows 7; however, SVP does not use IIS as a web server, so it is unaffected. Regardless, patch MS15-034 is forthcoming in the next SVP Security Update CD (being processed).
Systems Virtual Storage Platform (VSP) No No System does not use affected versions of Windows OS.
Systems Workgroup Modular Storage WMS No No System does not contain Windows OS.
Other Hi-Track Remote Monitoring system No No Recommend customer patch OS of management server, if applicable (see Microsoft MS15-034)
Other Remote Access Control Center (RACC) No No Recommend customer patch OS of management server, if applicable (see Microsoft MS15-034)
CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability. Open items are actively updated; please review this table frequently for new details.
(CVE-2015-0290/0291)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade No No FOS/NOS/BNA http://www.brocade.com/services-support/drivers-downloads/oscd/index.page?
VTL BusTech
Networking Cisco Systems Under vendor investigation 3/27
Networking Emulex
Networking Qlogic No No
Software Application Protector
Software Arkivio
Software Business Continuity Manager No No System does not implement OpenSSL.
Software CA Integration Module
Software Clinical Repository - Karos
Software Clinical Repository - Visbion
Software Command Director
Software Compute Systems Manager
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager
Software Dual Active ID
Software Dynamic Link Manager
Software Dynamic Replicator
Software e-Copy
Software IT Operations Analyzer
Software IT Operations Analyzer Advance
Software IT Operations Director
Software IT Operations Integrator
Software IT Operations Repository
Software LPAR
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10
Software SpectraLogic
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2 No No System does not implement OpenSSL 1.0.2
Software Storage Optimization for MS SharePoint
Software Storage Services Manager
Software Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters
Software Tiered Storage Manager
Software Tiered Storage Manager for MF
Software Tuning Manager
Software TurboLUN
Software UCP Orchestration Software
Software Virtual Infrastructure Integrator
Software Virtual Tape Library Diligent
VTL Virtual Tape Library FalconStor
Software VMware Adapters
Software Zone Allocation Manager
Systems Adaptable Modular Storage (AMS) No No System does not implement OpenSSL 1.0.2
Systems Adaptable Modular Storage 2000 No No System does not implement OpenSSL 1.0.2
Systems Capacity Optimization
File & Content Content Platform (HCP) No No All
File & Content Content Platform Anywhere (HCP-AW) No No All
File & Content HCP S Nodes No No All
Systems Data Discovery Suite
Systems Data Discovery Suite for MS SharePoint
File & Content Data Ingestor and HNAS Platform F No No Product does not implement OpenSSL 1.0.2
File & Content Data Ingestor and HNAS Platform F No No Product does not implement OpenSSL 1.0.2
Systems Essential NAS Platform
Systems Hitachi Universal Storage VM No No System does not implement OpenSSL 1.0.2
File & Content HUS File Module
Systems HyperStor
File & Content NAS 3x00 (Titan)
File & Content NAS 30x0 (Mercury)
File & Content NAS 4000 Series
File & Content SMU
Systems Network Storage Controller (NSC55) No No System does not implement OpenSSL 1.0.2
Systems Simple Modular Storage (SMS) No No System does not implement OpenSSL 1.0.2
Systems UCP for Microsoft Exchange
Systems UCP Select for Microsoft SQL Server
Systems UCP Select for Oracle Database
Systems UCP Pro (UCP 4000 / 4000e) for VMware vSphere
Systems UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud
Systems UCP Select for SAP HANA
Systems UCP Select for VMware View
Systems UCP Select for VMware vSphere
Systems Unified Storage File Module (HUS FM)
Systems Unified Storage (HUS) No No System does not implement OpenSSL 1.0.2
Systems Unified Storage VM (HUS VM) No No System does not implement OpenSSL 1.0.2
Systems Universal Storage Platform V (USP V) No No System does not implement OpenSSL 1.0.2
Systems Universal Storage Platform VM (USP VM) No No System does not implement OpenSSL 1.0.2
Systems Hitachi Virtual Storage Platform G1000 (VSP G1000) No No System does not implement OpenSSL 1.0.2
Systems Virtual Storage Platform (VSP) No No System does not implement OpenSSL 1.0.2
Systems Workgroup Modular Storage WMS No No System does not implement OpenSSL 1.0.2
Other Hi-Track Remote Monitoring system Under investigation
Other Remote Access Control Center (RACC) Under investigation
CVE-2015-0204 FREAK: Security flaw in Open SSL 1.0x
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE-2015-0240 Samba. Open items are actively updated; please review this table frequently for new details.
(FREAK)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade FOS and NOS not affected
BNA 12.3.2 and lower.
12.3.2 and lower if SSL is turned on.
Upgrade to BNA 12.3.4 or higher.
VTL BusTech
Networking Cisco Systems Yes Yes Bug # CSCus42713 has been opened for this issue
Networking Emulex
Networking Qlogic Yes Yes Firmware fix May 15 timeframe
Software Application Protector
Software Arkivio
Software Business Continuity Manager
Software CA Integration Module
Software Clinical Repository - Karos
Software Clinical Repository - Visbion
Software Command Director
Software Compute Systems Manager
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager
Software Dual Active ID
Software Dynamic Link Manager
Software Dynamic Replicator
Software e-Copy
Software IT Operations Analyzer
Software IT Operations Analyzer Advance
Software IT Operations Director
Software IT Operations Integrator
Software IT Operations Repository
Software LPAR
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10
Software SpectraLogic
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2 No No Does not use the cipher of type RSA-EXPORT
Software Storage Optimization for MS SharePoint
Software Storage Services Manager
Software Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters
Software Tiered Storage Manager
Software Tiered Storage Manager for MF
Software Tuning Manager
Software TurboLUN
Software UCP Orchestration Software NO NO All Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Software Virtual Infrastructure Integrator
Software Virtual Tape Library Diligent
VTL Virtual Tape Library FalconStor
Software VMware Adapters
Software Zone Allocation Manager
Systems Adaptable Modular Storage (AMS) No No System is never SSL client
Systems Adaptable Modular Storage 2000 No No System is never SSL client
Systems Capacity Optimization
Systems Compute Blade and Compute Rack Products
File & Content Content Platform (HCP) No No All HCP does not use the affected ciphers. HCP is not vulnerable.
File & Content Content Platform Anywhere (HCP-AW) No No All HCP Anywhere does not use the affected ciphers. HCP Anywhere is not vulnerable.
File & Content HCP S Nodes No No All HCP S Series is not vulnerable to CVE-2015-0204. It does not accept any of the cipher suites that are vulnerable.
Systems Data Discovery Suite
Systems Data Discovery Suite for MS SharePoint
File & Content Data Ingestor and HNAS Platform F
File & Content Data Ingestor and HNAS Platform F
Systems Essential NAS Platform
Systems Hitachi Universal Storage VM No No
File & Content HUS File Module Yes No Disable SSLv3 as per 81621
Systems HyperStor
File & Content NAS 3x00 (Titan) Yes No Disable SSLv3 as per 81621
File & Content NAS 30x0 (Mercury) Yes No Disable SSLv3 as per 81621
File & Content NAS 4000 Series Yes No Disable SSLv3 as per 81621
File & Content SMU Yes No Disable SSLv3 as per 81621
Systems Network Storage Controller (NSC55) No No
Systems Simple Modular Storage (SMS) No No
Systems UCP for Microsoft Exchange NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems UCP Select for Microsoft SQL Server NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems UCP Select for Oracle Database NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems UCP Pro (UCP 4000 / 4000e) for VMware vSphere NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems UCP Select for SAP HANA NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems UCP Select for VMware View NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems UCP Select for VMware vSphere NO NO ALL Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server.
Systems Unified Storage File Module (HUS FM) Yes No Disable SSLv3 as per 81621
Systems Unified Storage (HUS) No No System is never SSL client
Systems Unified Storage VM (HUS VM) No No
Systems Universal Storage Platform V (USP V) No No
Systems Universal Storage Platform VM (USP VM) No No
Systems Hitachi Virtual Storage Platform G1000 (VSP G1000) No No
Systems Virtual Storage Platform (VSP) No No
Systems Workgroup Modular Storage WMS No No
Other Hi-Track Remote Monitoring system No No
Other Remote Access Control Center (RACC) No No
CVE-2015-0204 SAMBA: Security flaw in smbd file srvr daemon
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE-2015-0240 Samba. Open items are actively updated; please review this table frequently for new details.
(SAMBA)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade No No FOS, NOS, BNA
VTL BusTech Under investigation by vendor
Networking Cisco Systems No No
Networking Emulex
Networking Qlogic No No
Software Application Protector
Software Arkivio Under investigation by vendor
Software Business Continuity Manager
Software CA Integration Module
Software Clinical Repository - Karos Under investigation by vendor
Software Clinical Repository - Visbion Under investigation by vendor
Software Command Director
Software Compute Systems Manager
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager
Software Dual Active ID
Software Dynamic Link Manager
Software Dynamic Replicator Under investigation by vendor
Software e-Copy
Software IT Operations Analyzer
Software IT Operations Analyzer Advance
Software IT Operations Director
Software IT Operations Integrator
Software IT Operations Repository
Software LPAR
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10 Under investigation by vendor
Software SpectraLogic Under investigation by vendor
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2 No No SNM2 does not contain Linux OS.
Software Storage Optimization for MS SharePoint
Software Storage Services Manager
Software Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters
Software Tiered Storage Manager
Software Tiered Storage Manager for MF
Software Tuning Manager
Software TurboLUN
Software UCP Orchestration Software
Software Virtual Infrastructure Integrator
Software Virtual Tape Library Diligent
VTL Virtual Tape Library FalconStor Low attach rate. Working on patch.
Software VMware Adapters
Software Zone Allocation Manager
Systems Adaptable Modular Storage (AMS) No No Product does not contain Linux OS
Systems Adaptable Modular Storage 2000 No No Product does not contain Linux OS
Systems Capacity Optimization
Systems Compute Blade 2000 No No N/A
Systems Compute Blade 500 No No N/A
Systems Compute Blade 320 No No N/A
Systems Compute Rack 210H/220H/220S No No N/A
Systems Compute Rack 220 No No N/A
File & Content Content Platform (HCP) HCP 6.x and HCP 7.x systems using the CIFS namespace gateway with Active Directory authentication are vulnerable. A fix for this vulnerability will be included in the 7.1.1 maintenance release and a hotfix for 6.x will be available by March 31st.
File & Content Content Platform Anywhere (HCP-AW) HCP Anywhere does not run Samba and is not vulnerable
File & Content HCP S Nodes Under review.
Systems Data Discovery Suite
Systems Data Discovery Suite for MS SharePoint
File & Content Data Ingestor and HNAS Platform F Yes Yes All HDI Engineering will include a fix for this vulnerability in a maintenance release 5.1.1-04. Customers are encouraged to upgrade to this release. The maintenance release is expected to be delivered to HDS on March 18, 2015.
Systems Essential NAS Platform
Systems Hitachi Universal Storage VM No No Product does not contain Linux OS
File & Content HUS File Module No No Does not include Samba
Systems HyperStor
File & Content NAS 3x00 (Titan) No No No LINUX
File & Content NAS 30x0 (Mercury) No No Does not include Samba
File & Content NAS 4000 Series No No Does not include Samba
File & Content SMU No No Does not include Samba
Systems Network Storage Controller (NSC55) No No Product does not contain Linux OS
Systems Simple Modular Storage (SMS) No No Product does not contain Linux OS
Systems UCP for Microsoft Exchange
Systems UCP Select for Microsoft SQL Server
Systems UCP Select for Oracle Database
Systems UCP Pro (UCP 4000 / 4000e) for VMware vSphere
Systems UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud
Systems UCP Select for SAP HANA
Systems UCP Select for VMware View
Systems UCP Select for VMware vSphere
Systems Unified Storage File Module (HUS FM) No No Does not include Samba
Systems Unified Storage (HUS) No No Product does not contain Linux OS
Systems Unified Storage VM (HUS VM) No No Product does not contain Linux OS
Systems Universal Storage Platform V (USP V) No No Product does not contain Linux OS
Systems Universal Storage Platform VM (USP VM) No No Product does not contain Linux OS
Systems Hitachi Virtual Storage Platform G1000 (VSP G1000) No No Product does not contain Linux OS
Systems Virtual Storage Platform (VSP) No No Product does not contain Linux OS
Systems Workgroup Modular Storage WMS No No Product does not contain Linux OS
Other Hi-Track Remote Monitoring system No No
Other Remote Access Control Center (RACC) No No RACC does not support Linux
CVE-2015-0235 GHOST: glibc gethostbyname Buffer Overflow
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as NTP. Open items are actively updated; please review this table frequently for new details.
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade No No FOS, NOS , BNA
http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdf
VTL BusTech Vendor investigation 1/27/15
Networking Cisco Systems Yes Yes NXOS v6.x, v5.x Bug CSCus68360 is fixed in v5.2(8f) and 6.2(11b)
Networking Emulex
Networking Qlogic No No
Software Application Protector
Software Arkivio Vendor investigation 1/27/15
Software Business Continuity Manager
No No BCM does not utilize glibc
Software CA Integration Module
Software Clinical Repository - Karos
Vendor investigation 1/27/15
Software Clinical Repository - Visbion
Vendor investigation 1/27/15
Software Command Director
Software Compute Systems Manager
Software Data Instance Manager
Software Data Protection Suite Yes Yes Fixed with Service Pack 9
http://documentation.commvault.com/commvault/v10/article?p=announcement/announcements.htm
Software Device Manager
Software Dual Active ID
Software Dynamic Link Manager
Software Dynamic Replicator Vendor investigation 1/27/15
Software e-Copy
Software IT Operations Analyzer
Software IT Operations Analyzer Advance
Software IT Operations Director
Software IT Operations Integrator
Software IT Operations Repository
Software LPAR Tbd Tbd Update expected 3-Feb-14 for: CB 2500, CB 2000, CB 500, CB 320
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10 Vendor investigation 1/27/15
Software SpectraLogic Vendor investigation 1/27/15
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2
No No
SNM2 does not contain Linux OS/glibc. Recommend customer upgrade to fixed OS/glibc and then restart SNM2 service.
Software Storage Optimization for MS SharePoint
No No
Software Storage Services Manager
Software
Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters
Software Tiered Storage Manager
Software Tiered Storage Manager for MF
Software Tuning Manager
Software TurboLUN
Software UCP Orchestration Software
Yes Yes ALL
Under Investigation
Software Virtual Infrastructure Integrator
Software Virtual Tape Library Diligent
VTL Virtual Tape Library FalconStor
You can download the patches from the FalconStor Customer Support Portal:
update-rhel5x06 for CDP
update-rhel5x06 for NSS
update-rhel5x06 for VTL/SIR
Software VMware Adapters
Software Zone Allocation Manager
Systems Adaptable Modular Storage (AMS)
No No
Product does not contain Linux OS, nor glibc library
Systems Adaptable Modular Storage 2000
No No Product does not contain Linux OS, nor glibc library
Systems Capacity Optimization
Systems Compute Blade and Compute Rack Products
File & Content Content Platform (HCP) Yes No All
HCP is running impacted versions of the glibc libraries, however the vulnerability described in CVE-2015-0235 is not exploitable via any HCP gateways (SSH).
File & Content Content Platform Anywhere (HCP-AW)
Yes No
HCP Anywhere versions 1.3 and earlier are running impacted versions of the glibc libraries. However the vulnerability described in CVE-2015-0235 is not exploitable via any HCP Anywhere gateways. The glibc libraries will be updated to the latest non-impacted version in the 2.0 release of HCP Anywhere which is scheduled for GA on March 6, 2015.
Systems Data Discovery Suite Yes Yes All
HDDS does not use the gethostbyname function of glibc; therefore, under normal operation, HDDS is not affected. However, HDS and Red Hat recommend the installation of RHEL 6.2 as there is a security update which should be applied.
"GHOST: glibc vulnerability (CVE-2015-0235)" https://access.redhat.com/articles/1332213
"glibc security update RHSA-2015:0099" https://rhn.redhat.com/errata/RHSA-2015-0099.html
Systems Data Discovery Suite for MS SharePoint
No No
File & Content Data Ingestor and HNAS Platform F
Yes Yes All versions prior to 03-01-00-00
Yes. If the customer uses an HDI version before 03-01-00-00, please upgrade HDI to 03-01-00-00 or later.
File & Content Data Ingestor and HNAS Platform F
Yes No 03-01-00-00 and above
03-01-00-00 and above versions do not call any of the affected gethostbyname functions and FOS verifies the length of the hostname and rejects processing if the hostname variable is too long.
Systems Essential NAS Platform Yes Yes All No fix is currently planned. Customers should contact their Account team if a fix is required.
Systems Hitachi Universal Storage VM
No No Product does not contain Linux OS, nor glibc library
File & Content HUS File Module Yes No See Tech Bulletin - 82081
Systems HyperStor
File & Content NAS 3x00 (Titan) No No No LINUX
File & Content NAS 30x0 (Mercury) Yes No See Tech Bulletin - 82081
File & Content NAS 4000 Series Yes No See Tech Bulletin - 82081
File & Content SMU Yes No See Tech Bulletin - 82081
Systems Network Storage Controller (NSC55)
No No Product does not contain Linux OS, nor glibc library
Systems Simple Modular Storage (SMS)
No No Product does not contain Linux OS, nor glibc library
Systems UCP for Microsoft Exchange
No No
Systems UCP Select for Microsoft SQL Server
No No
Systems UCP Select for Oracle Database
No No
Systems UCP Pro (UCP 4000 / 4000e) for VMware vSphere
Yes Yes Fix currently being developed. (1/28/15)
Systems
UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud
Yes Yes Fix currently being developed. (1/28/15)
Systems UCP Select for SAP HANA
Yes Yes
SUSE Linux Enterprise 11 and older products. Patches have been released and can be found at: This Link
Systems
UCP Select for VMware View
No No
Systems UCP Select for VMware vSphere
No No
Systems Unified Storage File Module (HUS FM)
Yes No See Tech Bulletin - 82081
Systems Unified Storage (HUS) No No Product does not contain Linux OS, nor glibc library
Systems Unified Storage VM (HUS VM)
No No Product does not contain Linux OS, nor glibc library
Systems Universal Storage Platform V (USP V)
No No Product does not contain Linux OS, nor glibc library
Systems
Universal Storage Platform VM (USP VM)
No No Product does not contain Linux OS, nor glibc library
Systems
Hitachi Virtual Storage Platform G1000 (VSP G1000)
No No Product does not contain Linux OS, nor glibc library
Systems Virtual Storage Platform (VSP)
No No Product does not contain Linux OS, nor glibc library
Systems Workgroup Modular Storage WMS
No No Product does not contain Linux OS, nor glibc library
Other Hi-Track Remote Monitoring system
No No
Other Remote Access Control Center (RACC)
No No RACC does not support Linux
NTP (CVE-2014-9293 through CVE-2014-9296)
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as NTP. Open items are actively updated; please review this table frequently for new details.
(NTP)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade No No FOS, NOS and BNA.
NTP VU#852879 Vulnerability Assessment for Brocade
VTL BusTech Vendor investigation 1/8/15
Networking Cisco Systems Yes Yes MDS products are affected
Bug ID CSCus26870 fixed in NXOS 5.2(8f), 6.2(11b)
Networking Emulex
Networking Qlogic No No
Software Application Protector
Software Arkivio Vendor investigation 1/8/15
Software Business Continuity Manager
No No Product does not utilize ntpd
Software CA Integration Module
Software Clinical Repository - Karos
Vendor investigation 1/8/15
Software Clinical Repository - Visbion
Vendor investigation 1/8/15
Software Command Director
Software Compute Systems Manager
Software Data Discovery Suite for MS SharePoint
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager
Software Dual Active ID
Software Dynamic Link Manager
Software Dynamic Replicator
No dependency on NTP for Scout (only if you use it to sync with a time server). You can get around these security vulnerabilities by updating with the latest NTP RPMs. For RHEL, please see: https://rhn.redhat.com/errata/RHSA-2014-2024.html
Software e-Copy
File & Content Extension Pack for Secure FTP
Software IT Operations Analyzer
Software IT Operations Analyzer Advance
Software IT Operations Director
Software IT Operations Integrator
Software IT Operations Repository
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10 Vendor investigation 1/8/15
Software SpectraLogic Yes Low Verde Tape not affected Disk low impact, however Patch being released. Fix in new version.
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2
No No Product does not utilize ntpd
Software Storage Optimization for MS SharePoint
Software Storage Services Manager
Software
Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters
Software Tiered Storage Manager
Software Tiered Storage Manager for MF
Software Tuning Manager
Software TurboLUN
Software UCP Orchestration Software
Yes Yes All Versions
Software Virtual Infrastructure Integrator
Software Virtual Tape Library Diligent
VTL Virtual Tape Library FalconStor
Affected. Working on patch for current version, addressed in future versions. 1-8-15
Software VMware Adapters
Software Zone Allocation Manager
Systems Adaptable Modular Storage (AMS)
No No Product does not utilize ntpd
Systems Adaptable Modular Storage 2000
No No Product does not utilize ntpd
Systems Capacity Optimization
Systems
Compute Blade and Compute Rack Products
CVE-2014-9294 is not applicable to any product
CVE-2014-9296 is not applicable to any product
File & Content Content Platform (HCP) and Content Platform Anywhere (HCP-AW)
No No
External time servers connected to HCP should be secure and trusted servers that should be updated to NTP 4.2.8 or greater
Systems Data Discovery Suite
Systems Data Discovery Suite for MS SharePoint
File & Content Data Ingestor No No
System does not use Key Authentication and discards connection requests exploited by vulnerability
Systems Hitachi Universal Storage VM
No No Product does not utilize ntpd
File & Content HUS File Module Yes
Systems HyperStor
File & Content NAS 3x00 (Titan) No No Not a LINUX base, custom NTP
File & Content NAS 30x0 (Mercury) Yes Limited (no Internet)
All GA Fix will be available in 12.1MR (TBD) in Feb 2015
File & Content NAS 4000 Series Yes Limited (no Internet)
All GA Fix will be available in 12.1MR (TBD) in Feb 2015
File & Content SMU Yes Limited (no Internet) All GA
Fix will be available in SMU 12.1.3613.08, 12.2.3753.07 in Feb 2015
File & Content NAS Platform F No No
System does not use Key Authentication and discards connection requests exploited by vulnerability
Systems Network Storage Controller (NSC55)
No No Product does not utilize ntpd
Systems Simple Modular Storage (SMS)
No No Product does not utilize ntpd
Systems UCP for Microsoft Exchange
No No NTP issue is found in UCP Director only.
Systems UCP Select for Microsoft SQL Server
No No NTP issue is found in UCP Director only.
Systems UCP Select for Oracle Database
No No NTP issue is found in UCP Director only.
Systems UCP Pro (UCP 4000 / 4000e) for VMware vSphere
Yes Yes NTP issue is found in UCP Director only.
Systems
UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud
No No NTP issue is found in UCP Director only.
Systems UCP Select for SAP HANA
No No NTP issue is found in UCP Director only.
Systems
UCP Select for VMware View
No No NTP issue is found in UCP Director only.
Systems UCP Select for VMware vSphere
No No NTP issue is found in UCP Director only.
Systems Unified Storage File Module (HUS FM)
Systems Unified Storage (HUS) No No Product does not utilize ntpd
Systems Unified Storage VM (HUS VM)
No No Product does not utilize ntpd
Systems Universal Storage Platform V (USP V)
No No Product does not utilize ntpd
Systems
Universal Storage Platform VM (USP VM)
No No Product does not utilize ntpd
Systems
Hitachi Virtual Storage Platform G1000 (VSP G1000)
No No Product does not utilize ntpd
Systems Virtual Storage Platform (VSP)
No No Product does not utilize ntpd
Systems Workgroup Modular Storage WMS
No No Product does not utilize ntpd
Other Hi-Track Remote Monitoring system
No No
Other Remote Access Control Center (RACC)
No No
Poodle CVE-2014-3566
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as Poodle. Open items are actively updated; please review this table frequently for new details.
(POODLE)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade Yes Yes FOS 6.x FOS 7.x
Fix issued in the following FOS releases: 6.4.3g; 7.02f; 7.1.2c; 7.2.1d; 7.3.0c
VTL BusTech Under Investigation as of 10-16
Networking Cisco Systems Yes Yes NX-OS 5.x; 6.x
Fixed in the following NXOS releases: 5.2(8e), 6.2(9a) and 6.2(11b)
Networking Emulex No No
Networking Qlogic Yes Yes 8.0.14.12 and below
Fixed in firmware 8.0.14.13.00
Software Application Protector
Software Arkivio Under Investigation as of 10-16
Software Business Continuity Manager
Yes No All BCM does not use SSL, but IBM HTTP Server (HIS) uses SSL communications between BCM and HRpM. IBM recommends disabling SSL v3.
Software CA Integration Module
Software Clinical Repository - Karos
Yes Low Has statement.
Software Clinical Repository - Visbion
No Under Investigation as of 10-16
Software Command Director No
Software Compute Systems Manager
Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software Data Discovery Suite for MS SharePoint
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software Dual Active ID
Software Dynamic Link Manager
No Need to disable SSL v3 on server side and use other secure communication method with client side.
Software Dynamic Replicator Under Investigation as of 10-16.
Software e-Copy
File & Content
Extension Pack for Secure FTP
Software IT Operations Analyzer
Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software IT Operations Analyzer Advance
Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software IT Operations Director Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software IT Operations Integrator
No Need to disable SSL v3 on server side and use other secure communication method with client side.
Software IT Operations Repository
No Need to disable SSL v3 on server side and use other secure communication method with client side.
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software Replication Monitor
Software SAP Adapters Under Investigation as of 10-16
Software Sepaton
Software Server Conductor
Software Seven10 No
Software SpectraLogic Under Investigation as of 10-16
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2
Yes Low Risk
V4 and above for DF850 V21 and above for DF800
SNM2 GUI is affected (NOT CLI, NOT API). Fix schedule TBD, Alert pending. Suggest disabling SSL v3 in web browser for interim
Software Storage Optimization for MS SharePoint
Software Storage Services Manager
Software
Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software StorFirst Apollo
Software Streaming Data Platform
No
Software Symantec Adapters
Software Tiered Storage Manager
Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software Tiered Storage Manager for MF
Software Tuning Manager Yes Need to disable SSL v3 on server side and use other secure communication method with client side.
Software TurboLUN
Software UCP Orchestration Software
Software Virtual Infrastructure Integrator
Software Virtual Tape Library Diligent
VTL Virtual Tape Library FalconStor
Not affected
Software VMware Adapters
Software Zone Allocation Manager
Systems Adaptable/Workgroup Modular Storage (AMS/WMS)
Not affected
Systems Adaptable Modular Storage 2000
Yes Low Risk V04 and later
082030
Systems Capacity Optimization
Systems Compute Blade 2000
Systems Compute Blade 500
Systems Compute Blade 320
Systems Compute Rack 210H/220H/220S
Systems Compute Rack 220
File & Content
Content Platform (HCP) and Content Platform Anywhere (HCP-AW)
081645
Systems Data Discovery Suite
Systems Data Discovery Suite for MS SharePoint
File & Content
Data Ingestor Yes Low Risk All Fix schedule TBD
File & Content
High-performance NAS Platform
Systems Hitachi Universal Storage VM
Yes Low Risk All 81729
File & Content
HUS File Module
Systems HyperStor
File & Content
NAS 3x00 (Titan) YES Low Risk Release 8.x
File & Content
NAS 30x0 (Mercury) YES Low Risk Prior to 12.1
File & Content
NAS 4000 Series YES Low Risk Prior to 12.1
File & Content
SMU YES Low Risk Prior to 12.2
File & Content
NAS Platform F Yes Low Risk All Fix schedule TBD
Systems Network Storage Controller (NSC55)
TBD
Systems Simple Modular Storage (SMS)
Yes Low Risk V04 and later
Fix schedule TBD, Alert pending
File & Content
Titan
Systems UCP for Microsoft Exchange
Systems UCP for Microsoft SQL Server
Systems UCP for Oracle Database
Systems UCP Pro for VMware vSphere
Systems UCP Select for Citrix XenDesktop
Systems UCP Select for Microsoft Private Cloud
Systems UCP Select for Oracle
Systems UCP Select for SAP HANA
Systems UCP Select for VMware View
Systems UCP Select for VMware vSphere
Systems Unified Storage (HUS) Yes Low Risk All 082030
File & Content
Unified Storage File Module (HUS FM)
Systems Unified Storage VM (HUS VM)
Yes Low Risk All 81729
Systems Universal Storage Platform V (USP V)
Yes Low Risk All 81729
Systems Universal Storage Platform VM (USP VM)
Yes Low Risk All 81729
Systems Hitachi Virtual Storage Platform G1000 (VSP G1000)
Yes Low Risk All Only SMI-S is affected (SN/SVP not affected), 81729
Systems Virtual Storage Platform (VSP)
Yes Low Risk All 81729
Other Hi-Track Remote Monitoring system
No No
Other Remote Access Control Center (RACC)
No No
Shellshock CVE-2014-6271
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as Shellshock. Open items are actively updated; please review this table frequently for new details.
(Shellshock)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade Yes Yes FOS 6.x, 7.x Fixed in FOS 6.4.3g; 7.1.2b; 7.2.1d; 7.3.0b
VTL BusTech TBD Under investigation
Networking Cisco Systems Yes Yes NXOS 5.x; 6.x
Fixed in NXOS 5.2(8e); 6.2(9a)
Networking Ctera No
Networking Emulex No No
Networking Qlogic Yes Yes 8.0.14.12 and below
Fixed in firmware 8.0.14.13.00
Software Application Protector
TBD
Software Arkivio TBD Under investigation
Software Business Continuity Manager
TBD
Software CA Integration Module
TBD
Software Clinical Repository - Karos
No
Software Clinical Repository - Visbion
No
Software Command Director
No
Software Compute Systems Manager
No
Software Data Discovery Suite for MS SharePoint
TBD
Software Data Instance Manager
TBD
Software Data Protection Suite
TBD
Software Device Manager No
Software Dual Active ID TBD
Software Dynamic Link Manager
No
Software Dynamic Replicator
No Under investigation
Software e-Copy TBD
File & Content Extension Pack for Secure FTP
Yes No Alert #81524
Software IT Operations Analyzer
TBD
Software IT Operations Analyzer Advance
TBD
Software IT Operations Director
TBD
Software IT Operations Integrator
TBD
Software IT Operations Repository
TBD
Software Microsoft Adapters
TBD
Software NanoCopy TBD
Software Oracle Adapters TBD
Software Power Saving TBD
Software Protection Manager
No
Software Replication Manager
No
Software Replication Monitor
No
Software SAP Adapters TBD
Software Sepaton TBD
Software Server Conductor
TBD
Software Seven10 No
Software SpectraLogic TBD
Software Storage Adapter for Petrel
TBD
Software Storage Navigator Modular 2
No No 81554
Software Storage Optimization for MS SharePoint
TBD
Software Storage Services Manager
TBD
Software Storage Viewer Suite Backup Services Manager (HBSM) Storage Capacity Reporter (HSCR) Storage Fabric Reporter (HSFR) Virtual Server Reporter (HVSR) File Analytics Reporter (HFAR)
No
Software StorFirst Apollo No
Software Streaming Data Platform
TBD
Software Symantec Adapters
TBD
Software Tiered Storage Manager
No
Software Tiered Storage Manager for MF
No
Software Tuning Manager No
Software TurboLUN TBD
Software UCP Orchestration Software
Yes Yes If you are using versions of Bash in operating systems based on SUSE Linux Enterprise 9, 10 or 11, your servers are potentially at risk. If your systems are compromised, we recommend that you patch your systems right away. Follow this link for the security update from SUSE:
https://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.html
Software Virtual Infrastructure Integrator
TBD
Software Virtual Tape Library Diligent
TBD
VTL Virtual Tape Library FalconStor
Yes Yes Current Patch is available on falconstore.com
Software VMware Adapters
TBD
Software Zone Allocation Manager
TBD
Systems Adaptable Modular Storage (AMS)
No No 81554
Systems Adaptable Modular Storage 2000
No No 81554
Systems Capacity Optimization
TBD
Systems Compute Blade 2000
No No N/A
Systems Compute Blade 500
No No N/A
Systems Compute Blade 320
No No N/A
Systems Compute Rack 210H/220H/220S
No No N/A
Systems Compute Rack 220
No No N/A
File & Content Content Platform (HCP) and Content Platform Anywhere (HCP-AW)
No No All Alert #81528
Systems Data Discovery Suite
No Dependent Customer responsible to patch Red Hat Linux installation
Systems Data Discovery Suite for MS SharePoint
No
File & Content Data Ingestor Yes No All Alert #81520
File & Content High-performance NAS Platform
Yes No Alert #81511
Systems Hitachi Universal Storage VM
No No 81554
File & Content HUS File Module
Yes No Alert #81511
Systems HyperStor TBD
File & Content Mercury Yes No Alert #81511
File & Content NAS 4000 Series Yes No Alert #81511
File & Content NAS Platform Yes No Alert #81511
File & Content NAS Platform F Yes No Alert #81528
Systems Network Storage Controller (NSC55)
No No 81554
Systems Simple Modular Storage (SMS)
No No 81554
File & Content Titan Yes No Alert #81511
Systems UCP for Microsoft Exchange
No No
Systems UCP for Microsoft SQL Server
No No
Systems UCP for Oracle Database
No No
Systems UCP Pro for VMware vSphere
Yes Yes Under investigation
Systems UCP Select for Citrix XenDesktop
No No
Systems UCP Select for Microsoft Private Cloud
No No
Systems UCP Select for Oracle
No No
Systems UCP Select for SAP HANA
Yes Yes SUSE Linux Enterprise 9, 10, 11
If you are using versions of Bash in operating systems based on SUSE Linux Enterprise 9, 10 or 11, your servers are potentially at risk. If your systems are compromised, we recommend that you patch your systems right away. Follow this link for the security update from SUSE:
https://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.html
Systems UCP Select for VMware View
No No
Systems UCP Select for VMware vSphere
No No
Systems Unified Storage (HUS)
No No 81554
File & Content Unified Storage File Module (HUS FM)
Yes No 81511
Systems Unified Storage VM (HUS VM)
No No 81554
Systems Universal Storage Platform V (USP V)
No No 81554
Systems Universal Storage Platform VM (USP VM)
No No 81554
Systems Hitachi Virtual Storage Platform G1000 (VSP G1000)
No No 81554
Systems Virtual Storage Platform (VSP)
No No 81554
Systems Workgroup Modular Storage WMS
No No 81554
Other Hi-Track Remote Monitoring system
No No
Other Remote Access Control Center (RACC)
No No
OpenSSL Heartbleed
The following table references Hitachi Data Systems products and accessories affected by the worldwide security issue known as OpenSSL Heartbleed. Open items are actively updated; please review this table frequently for new details.
(Heartbleed)
Product Type Product Name Affected? Version More Information Networking Asempra No
Networking Brocade No FOS, NOS, BNA
Networking BusTech No
Networking Ciena No
Networking Cisco Systems No See Cisco.com. Advisory ID: cisco-sa-20140409-heartbleed
Networking Ctera No
Networking Emulex No
Networking Qlogic No
Software Application Protector No
Software Arkivio No
Software Business Continuity Manager
Software CA Integration Module
Software Clinical Repository - Karos No
Software Clinical Repository - Visbion Yes v1, v2 680669
Software Command Director No
Software Compute Systems Manager No
Software Data Discovery Suite for MS SharePoint No
Software Data Instance Manager No
Software Data Protection Suite No
Software Device Manager No
Software Dual Active ID
Software Dynamic Link Manager No
Software Dynamic Replicator
Software e-Copy
Software Extension Pack for Secure FTP Yes All Patch Available April 14, 2014
Software IT Operations Analyzer No
Software IT Operations Analyzer Advance No
Software IT Operations Director No
Software IT Operations Integrator No
Software IT Operations Repository No
Software Microsoft Adapters No
Software NanoCopy
Software Oracle Adapters No
Software Power Saving
Software Protection Manager No
Software Replication Manager No
Software Replication Monitor No
Software SAP Adapters No
Software Sepaton No
Software Server Conductor
Software Seven10 No
Software SpectraLogic No
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2 No
Software Storage Optimization for MS SharePoint
Software Storage Services Manager
Software Storage Viewer Suite Backup Services Manager (HBSM) Storage Capacity Reporter (HSCR) Storage Fabric Reporter (HSFR) Virtual Server Reporter (HVSR) File Analytics Reporter (HFAR) No
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters No
Software Tiered Storage Manager No
Software Tiered Storage Manager for MF No
Software Tuning Manager No
Software TurboLUN
Software UCP Orchestration Software Yes 2.x, 3.x 080667
Software Virtual Infrastructure Integrator No
Software Virtual Tape Library Diligent No
Software Virtual Tape Library FalconStor No
Software VMware Adapters No
Software Zone Allocation Manager
Systems 5700 Series No
Systems 5800 Series No
Systems 7000 Series No
Systems 9200 Series No
Systems 9500 V Series No
Systems 9900 Series No
Systems 9900 V Series No
Systems Adaptable Modular Storage (AMS) No
Systems Adaptable Modular Storage 2000 No
Systems Capacity Optimization
Systems Compute Blade 2000 Yes 080852
Systems Compute Blade 500 Yes 080850
Systems Compute Blade 320 No
Systems Compute Rack 210H/220H/220S Yes 080854
Systems Compute Rack 220 No
Systems Content Archive Platform No
Systems Content Platform (HCP) No
Systems Content Platform Anywhere (HCP-AW) No
Systems Data Discovery Suite No
Systems Data Discovery Suite for MS SharePoint No
Systems Data Ingestor No
Systems Essential NAS Platform No
Systems High-performance NAS Platform No
Systems Hitachi Universal Storage VM Yes
Systems HUS File Module Yes 11.1.3200.00 + 080654
Systems HyperStor
Systems Mercury Yes 11.1.3200.00 + 080654
Systems NAS 4000 Series Yes 11.1.3200.00 + 080654
Systems NAS Platform Yes 11.1.3200.00 + 080654
Systems NAS Platform F No
Systems Network Storage Controller (NSC55) No
Systems Simple Modular Storage (SMS) No
Systems Titan No
Systems UCP for Microsoft Exchange No
Systems UCP for Microsoft SQL Server No
Systems UCP for Oracle Database No
Systems UCP Pro for VMware vSphere Yes 080667
Systems UCP Select for Citrix XenDesktop No
Systems UCP Select for Microsoft Private Cloud No
Systems UCP Select for Oracle No
Systems UCP Select for SAP HANA Yes Scale-Out solutions use HNAS. Please refer to HNAS product for resolution. 080654
Systems UCP Select for VMware View Yes VMware 5.5 See VMware.com; No for VMware 5.1
Systems UCP Select for VMware vSphere Yes VMware 5.5 See VMware.com; No for VMware 5.1
Systems Unified Storage (HUS) No
Systems Unified Storage File Module (HUS FM) Yes 11.1.3200.00 + 080654
Systems Unified Storage VM (HUS VM) Yes OSS V03 080650
Systems Universal Storage Platform V (USP V) No
Systems Universal Storage Platform VM (USP VM) No
Systems Hitachi Virtual Storage Platform G1000 (VSP G1000) Yes OSS V01 080650
Systems Virtual Storage Platform (VSP) Yes OSS V06 080650
Systems Workgroup Modular Storage WMS No
Other Hi-Track Remote Monitoring system No
Other Remote Access Control Center (RACC) No