
Last Modified: 7-May 2015

Hitachi Data Systems Product Affectivity for Worldwide Security Vulnerabilities

Hitachi Data Systems continuously strives to provide you with the highest quality products and solutions. We take this responsibility very seriously. To this end, we constantly monitor our quality control and storage system test processes to ensure that our products are secure and operating at peak performance.

When worldwide security vulnerabilities are identified, our Product Engineering and Global Security teams review with our vendors any potential security threats that the vulnerability may pose within Hitachi Data Systems product and solution offerings. At the completion of the assessment, Hitachi Data Systems releases product statements describing any exposure our customers may have to this issue. Our engineering teams prepare circumvention and software fixes for any affected product to ensure that you are protected.

A list of worldwide security vulnerabilities is included in the table below. Click the name of the vulnerability to view the Hitachi Data Systems product affectivity matrix for that issue.

| Security Vulnerability | Description |
| --- | --- |
| CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability; April 22, 2015 | CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability: HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." |
| CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability; March 30, 2015 | CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability: The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial of service (pointer corruption and application crash) via unspecified vectors. |
| FREAK vulnerability (CVE-2015-0204); March 4, 2015 | CVE-2015-0204-FREAK: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role. |
| SAMBA CVE-2015-0240; February 23, 2015 | CVE-2015-0240-Samba is a security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client by sending specially-crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root. |
| GHOST (CVE-2015-0235); January 27, 2015 | CVE-2015-0235 - GHOST is a 'buffer overflow' Linux bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability in Linux allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application. |
| NTP (CVE-2014-9293 through CVE-2014-9296); December 22, 2014 | Network Time Protocol (NTP) Vulnerability (CVE-2014-9293 through CVE-2014-9296): A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. |
| POODLE CVE-2014-3566; September 2014 | Padding Oracle On Downgraded Legacy Encryption (POODLE): An attacker who acts as man-in-the-middle can force the SSL/TLS protocol to downgrade to version 3.0 if the attacked application supports this old SSL version. This legacy protocol is not secure. Depending on the application, it may be possible for an adversary to mount attacks that can lead to disclosure of secret data such as passwords or HTTP cookies. |
| Shellshock CVE-2014-6271; September 24, 2014 | Shellshock CVE-2014-6271 (and the related issues CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278): This vulnerability affects UNIX-based Bash (Bourne shell) and has the potential to arbitrarily execute code within UNIX environments. Some native services and applications may allow remote unauthenticated attackers to provide environment variables and exploit this issue. |
| OpenSSL Heartbleed; April 2014 | OpenSSL Heartbleed: This is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected under normal conditions by the SSL/TLS encryption used to secure the internet. SSL/TLS provides communication security and privacy over the internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. |

CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability

The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability. Open items are actively updated; please review this table frequently for new details.

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

| Product Type | Product Name | Affected? | Vulnerable? | Version | More Information |
| --- | --- | --- | --- | --- | --- |
| Networking | Brocade | | | | |
| VTL | BusTech | | | | |
| Networking | Cisco Systems | | | | |
| Networking | Emulex | | | | |
| Networking | Qlogic | | | | |
| Software | Application Protector | | | | |
| Software | Arkivio | | | | |
| Software | Business Continuity Manager | | | | |
| Software | CA Integration Module | | | | |
| Software | Clinical Repository - Karos | | | | |
| Software | Clinical Repository - Visbion | | | | |
| Software | Command Director | | | | |
| Software | Compute Systems Manager | | | | |
| Software | Data Instance Manager | | | | |
| Software | Data Protection Suite | | | | |
| Software | Device Manager | | | | |
| Software | Dual Active ID | | | | |
| Software | Dynamic Link Manager | | | | |
| Software | Dynamic Replicator | | | | |
| Software | e-Copy | | | | |
| Software | IT Operations Analyzer | | | | |
| Software | IT Operations Analyzer Advance | | | | |
| Software | IT Operations Director | | | | |
| Software | IT Operations Integrator | | | | |
| Software | IT Operations Repository | | | | |
| Software | LPAR | | | | |
| Software | Microsoft Adapters | | | | |
| Software | NanoCopy | | | | |
| Software | Oracle Adapters | | | | |
| Software | Power Saving | | | | |
| Software | Protection Manager | | | | |
| Software | Replication Manager | | | | |
| Software | Replication Monitor | | | | |
| Software | SAP Adapters | | | | |
| Software | Sepaton | | | | |
| Software | Server Conductor | | | | |
| Software | Seven10 | | | | |
| Software | SpectraLogic | | | | |
| Software | Storage Adapter for Petrel | | | | |
| Software | Storage Navigator Modular 2 | No | No | | Recommend customer patch OS of management server, if applicable (see Microsoft MS15-034) |
| Software | Storage Optimization for MS SharePoint | | | | |
| Software | Storage Services Manager | | | | |
| Software | Storage Viewer Suite: Backup Services Manager (HBSM), Storage Capacity Reporter (HSCR), Storage Fabric Reporter (HSFR), Virtual Server Reporter (HVSR), File Analytics Reporter (HFAR) | | | | |
| Software | StorFirst Apollo | | | | |
| Software | Streaming Data Platform | | | | |
| Software | Symantec Adapters | | | | |
| Software | Tiered Storage Manager | | | | |
| Software | Tiered Storage Manager for MF | | | | |
| Software | Tuning Manager | | | | |
| Software | TurboLUN | | | | |
| Software | UCP Orchestration Software | | | | |
| Software | Virtual Infrastructure Integrator | | | | |
| Software | Virtual Tape Library Diligent | | | | |
| VTL | Virtual Tape Library FalconStor | | | | |
| Software | VMware Adapters | | | | |
| Software | Zone Allocation Manager | | | | |
| Systems | Adaptable Modular Storage (AMS) | No | No | | System does not contain Windows OS. |
| Systems | Adaptable Modular Storage 2000 | No | No | | System does not contain Windows OS. |
| Systems | Capacity Optimization | | | | |
| File & Content | Content Platform (HCP) | No | No | | |
| File & Content | Content Platform Anywhere (HCP-AW) | No | No | | |
| File & Content | HCP S Nodes | No | No | | |
| Systems | Data Discovery Suite | | | | |
| Systems | Data Discovery Suite for MS SharePoint | | | | |
| File & Content | Data Ingestor and HNAS Platform F | No | No | | HDI and HFSM do not use IIS7 where the vulnerability is found. HDI and HFSM use Hitachi Web Server for web services. If HFSM is installed in a Windows server where IIS7 is already running, an attacker can attack the Windows server through IIS7. In this case please apply a patch or workaround for the Windows server. |
| Systems | Essential NAS Platform | No | No | | System does not contain Windows OS. |
| Systems | Hitachi Universal Storage VM | No | No | | System does not use affected versions of Windows OS. |
| File & Content | HUS File Module | No | No | | System does not contain Windows OS. |
| Systems | HyperStor | | | | |
| File & Content | NAS 3x00 (Titan) | No | No | | System does not contain Windows OS. |
| File & Content | NAS 30x0 (Mercury) | No | No | | System does not contain Windows OS. |
| File & Content | NAS 4000 Series | No | No | | System does not contain Windows OS. |
| File & Content | SMU | No | No | | System does not contain Windows OS. |
| Systems | Network Storage Controller (NSC55) | No | No | | System does not use affected versions of Windows OS. |
| Systems | Simple Modular Storage (SMS) | No | No | | System does not contain Windows OS. |
| Systems | UCP for Microsoft Exchange | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | UCP Select for Microsoft SQL Server | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | UCP Select for Oracle Database | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | UCP Pro (UCP 4000 / 4000e) for VMware vSphere | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | UCP Select for SAP HANA | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | UCP Select for VMware View | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | UCP Select for VMware vSphere | Yes | Yes | ALL | Management Stack runs on Windows Server, mitigation under investigation. |
| Systems | Unified Storage File Module (HUS FM) | No | No | | System does not contain Windows OS. |
| Systems | Unified Storage (HUS) | No | No | | System does not contain Windows OS. |
| Systems | Unified Storage VM (HUS VM) | No | No | | System does not use affected versions of Windows OS. |
| Systems | Universal Storage Platform V (USP V) | No | No | | System does not use affected versions of Windows OS. |
| Systems | Universal Storage Platform VM (USP VM) | No | No | | System does not use affected versions of Windows OS. |
| Systems | Hitachi Virtual Storage Platform G1000 (VSP G1000) | No | No | | SVP is Windows 7, however SVP does not use IIS as a webserver so unaffected. Regardless, patch MS15-034 is forthcoming next SVP Security Update CD (being processed). |
| Systems | Virtual Storage Platform (VSP) | No | No | | System does not use affected versions of Windows OS. |
| Systems | Workgroup Modular Storage WMS | No | No | | System does not contain Windows OS. |
| Other | Hi-Track Remote Monitoring system | No | No | | Recommend customer patch OS of management server, if applicable (see Microsoft MS15-034) |
| Other | Remote Access Control Center (RACC) | No | No | | Recommend customer patch OS of management server, if applicable (see Microsoft MS15-034) |

CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability

The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability. Open items are actively updated; please review this table frequently for new details.

(CVE-2015-0290/0291)

| Product Type | Product Name | Affected? | Vulnerable? | Version | More Information |
| --- | --- | --- | --- | --- | --- |
| Networking | Brocade | No | No | FOS/NOS/BNA | |
| VTL | BusTech | | | | |
| Networking | Cisco Systems | | | | Under vendor investigation 3/27 |
| Networking | Emulex | | | | |
| Networking | Qlogic | No | No | | |
| Software | Application Protector | | | | |
| Software | Arkivio | | | | |
| Software | Business Continuity Manager | No | No | | System does not implement OpenSSL. |
| Software | CA Integration Module | | | | |
| Software | Clinical Repository - Karos | | | | |
| Software | Clinical Repository - Visbion | | | | |
| Software | Command Director | | | | |
| Software | Compute Systems Manager | | | | |
| Software | Data Instance Manager | | | | |
| Software | Data Protection Suite | | | | |
| Software | Device Manager | | | | |
| Software | Dual Active ID | | | | |
| Software | Dynamic Link Manager | | | | |
| Software | Dynamic Replicator | | | | |
| Software | e-Copy | | | | |
| Software | IT Operations Analyzer | | | | |
| Software | IT Operations Analyzer Advance | | | | |
| Software | IT Operations Director | | | | |
| Software | IT Operations Integrator | | | | |
| Software | IT Operations Repository | | | | |
| Software | LPAR | | | | |
| Software | Microsoft Adapters | | | | |
| Software | NanoCopy | | | | |
| Software | Oracle Adapters | | | | |
| Software | Power Saving | | | | |
| Software | Protection Manager | | | | |
| Software | Replication Manager | | | | |
| Software | Replication Monitor | | | | |
| Software | SAP Adapters | | | | |
| Software | Sepaton | | | | |
| Software | Server Conductor | | | | |
| Software | Seven10 | | | | |
| Software | SpectraLogic | | | | |
| Software | Storage Adapter for Petrel | | | | |
| Software | Storage Navigator Modular 2 | No | No | | System does not implement OpenSSL 1.0.2 |
| Software | Storage Optimization for MS SharePoint | | | | |
| Software | Storage Services Manager | | | | |
| Software | Storage Viewer Suite: Backup Services Manager (HBSM), Storage Capacity Reporter (HSCR), Storage Fabric Reporter (HSFR), Virtual Server Reporter (HVSR), File Analytics Reporter (HFAR) | | | | |
| Software | StorFirst Apollo | | | | |
| Software | Streaming Data Platform | | | | |
| Software | Symantec Adapters | | | | |
| Software | Tiered Storage Manager | | | | |
| Software | Tiered Storage Manager for MF | | | | |
| Software | Tuning Manager | | | | |
| Software | TurboLUN | | | | |
| Software | UCP Orchestration Software | | | | |
| Software | Virtual Infrastructure Integrator | | | | |
| Software | Virtual Tape Library Diligent | | | | |
| VTL | Virtual Tape Library FalconStor | | | | |
| Software | VMware Adapters | | | | |
| Software | Zone Allocation Manager | | | | |
| Systems | Adaptable Modular Storage (AMS) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Adaptable Modular Storage 2000 | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Capacity Optimization | | | | |
| File & Content | Content Platform (HCP) | No | No | All | |
| File & Content | Content Platform Anywhere (HCP-AW) | No | No | All | |
| File & Content | HCP S Nodes | No | No | All | |
| Systems | Data Discovery Suite | | | | |
| Systems | Data Discovery Suite for MS SharePoint | | | | |
| File & Content | Data Ingestor and HNAS Platform F | No | No | | Product does not implement OpenSSL 1.0.2 |
| File & Content | Data Ingestor and HNAS Platform F | No | No | | Product does not implement OpenSSL 1.0.2 |
| Systems | Essential NAS Platform | | | | |
| Systems | Hitachi Universal Storage VM | No | No | | System does not implement OpenSSL 1.0.2 |
| File & Content | HUS File Module | | | | |
| Systems | HyperStor | | | | |
| File & Content | NAS 3x00 (Titan) | | | | |
| File & Content | NAS 30x0 (Mercury) | | | | |
| File & Content | NAS 4000 Series | | | | |
| File & Content | SMU | | | | |
| Systems | Network Storage Controller (NSC55) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Simple Modular Storage (SMS) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | UCP for Microsoft Exchange | | | | |
| Systems | UCP Select for Microsoft SQL Server | | | | |
| Systems | UCP Select for Oracle Database | | | | |
| Systems | UCP Pro (UCP 4000 / 4000e) for VMware vSphere | | | | |
| Systems | UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud | | | | |
| Systems | UCP Select for SAP HANA | | | | |
| Systems | UCP Select for VMware View | | | | |
| Systems | UCP Select for VMware vSphere | | | | |
| Systems | Unified Storage File Module (HUS FM) | | | | |
| Systems | Unified Storage (HUS) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Unified Storage VM (HUS VM) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Universal Storage Platform V (USP V) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Universal Storage Platform VM (USP VM) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Hitachi Virtual Storage Platform G1000 (VSP G1000) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Virtual Storage Platform (VSP) | No | No | | System does not implement OpenSSL 1.0.2 |
| Systems | Workgroup Modular Storage WMS | No | No | | System does not implement OpenSSL 1.0.2 |
| Other | Hi-Track Remote Monitoring system | | | | Under investigation |
| Other | Remote Access Control Center (RACC) | | | | Under investigation |

CVE-2015-0204 FREAK: Security flaw in Open SSL 1.0x

The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE-2015-0240 Samba. Open items are actively updated; please review this table frequently for new details.

(FREAK)

| Product Type | Product Name | Affected? | Vulnerable? | Version | More Information |
| --- | --- | --- | --- | --- | --- |
| Networking | Brocade | FOS and NOS not affected | BNA 12.3.2 and lower. | 12.3.2 and lower if SSL is turned on. | Upgrade to BNA 12.3.4 or higher. |
| VTL | BusTech | | | | |
| Networking | Cisco Systems | Yes | Yes | | Bug # CSCus42713 has been opened for this issue |
| Networking | Emulex | | | | |
| Networking | Qlogic | Yes | Yes | | Firmware fix May ’15 timeframe |
| Software | Application Protector | | | | |
| Software | Arkivio | | | | |
| Software | Business Continuity Manager | | | | |
| Software | CA Integration Module | | | | |
| Software | Clinical Repository - Karos | | | | |
| Software | Clinical Repository - Visbion | | | | |
| Software | Command Director | | | | |
| Software | Compute Systems Manager | | | | |
| Software | Data Instance Manager | | | | |
| Software | Data Protection Suite | | | | |
| Software | Device Manager | | | | |
| Software | Dual Active ID | | | | |
| Software | Dynamic Link Manager | | | | |
| Software | Dynamic Replicator | | | | |
| Software | e-Copy | | | | |
| Software | IT Operations Analyzer | | | | |
| Software | IT Operations Analyzer Advance | | | | |
| Software | IT Operations Director | | | | |
| Software | IT Operations Integrator | | | | |
| Software | IT Operations Repository | | | | |
| Software | LPAR | | | | |
| Software | Microsoft Adapters | | | | |
| Software | NanoCopy | | | | |
| Software | Oracle Adapters | | | | |
| Software | Power Saving | | | | |
| Software | Protection Manager | | | | |
| Software | Replication Manager | | | | |
| Software | Replication Monitor | | | | |
| Software | SAP Adapters | | | | |
| Software | Sepaton | | | | |
| Software | Server Conductor | | | | |
| Software | Seven10 | | | | |
| Software | SpectraLogic | | | | |
| Software | Storage Adapter for Petrel | | | | |
| Software | Storage Navigator Modular 2 | No | No | | Does not use the cipher of type RSA-EXPORT |
| Software | Storage Optimization for MS SharePoint | | | | |
| Software | Storage Services Manager | | | | |
| Software | Storage Viewer Suite: Backup Services Manager (HBSM), Storage Capacity Reporter (HSCR), Storage Fabric Reporter (HSFR), Virtual Server Reporter (HVSR), File Analytics Reporter (HFAR) | | | | |
| Software | StorFirst Apollo | | | | |
| Software | Streaming Data Platform | | | | |
| Software | Symantec Adapters | | | | |
| Software | Tiered Storage Manager | | | | |
| Software | Tiered Storage Manager for MF | | | | |
| Software | Tuning Manager | | | | |
| Software | TurboLUN | | | | |
| Software | UCP Orchestration Software | NO | NO | All | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Software | Virtual Infrastructure Integrator | | | | |
| Software | Virtual Tape Library Diligent | | | | |
| VTL | Virtual Tape Library FalconStor | | | | |
| Software | VMware Adapters | | | | |
| Software | Zone Allocation Manager | | | | |
| Systems | Adaptable Modular Storage (AMS) | No | No | | System is never SSL client |
| Systems | Adaptable Modular Storage 2000 | No | No | | System is never SSL client |
| Systems | Capacity Optimization | | | | |
| Systems | Compute Blade and Compute Rack Products | | | | |
| File & Content | Content Platform (HCP) | No | No | All | HCP does not use the affected ciphers. HCP is not vulnerable. |
| File & Content | Content Platform Anywhere (HCP-AW) | No | No | All | HCP Anywhere does not use the affected ciphers. HCP Anywhere is not vulnerable. |
| File & Content | HCP S Nodes | No | No | All | HCP S Series is not vulnerable to CVE-2015-0204. It does not accept any of the cipher suites that are vulnerable. |
| Systems | Data Discovery Suite | | | | |
| Systems | Data Discovery Suite for MS SharePoint | | | | |
| File & Content | Data Ingestor and HNAS Platform F | | | | |
| File & Content | Data Ingestor and HNAS Platform F | | | | |
| Systems | Essential NAS Platform | | | | |
| Systems | Hitachi Universal Storage VM | No | No | | |
| File & Content | HUS File Module | Yes | No | | Disable SSLv3 as per 81621 |
| Systems | HyperStor | | | | |
| File & Content | NAS 3x00 (Titan) | Yes | No | | Disable SSLv3 as per 81621 |
| File & Content | NAS 30x0 (Mercury) | Yes | No | | Disable SSLv3 as per 81621 |
| File & Content | NAS 4000 Series | Yes | No | | Disable SSLv3 as per 81621 |
| File & Content | SMU | Yes | No | | Disable SSLv3 as per 81621 |
| Systems | Network Storage Controller (NSC55) | No | No | | |
| Systems | Simple Modular Storage (SMS) | No | No | | |
| Systems | UCP for Microsoft Exchange | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | UCP Select for Microsoft SQL Server | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | UCP Select for Oracle Database | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | UCP Pro (UCP 4000 / 4000e) for VMware vSphere | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | UCP Pro (UCP 4000/4000e) for Microsoft Private Cloud | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | UCP Select for SAP HANA | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | UCP Select for VMware View | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | UCP Select for VMware vSphere | NO | NO | ALL | Only affects clients when a server indicates the client needs to downgrade the security session. This does not affect the server. |
| Systems | Unified Storage File Module (HUS FM) | Yes | No | | Disable SSLv3 as per 81621 |
| Systems | Unified Storage (HUS) | No | No | | System is never SSL client |
| Systems | Unified Storage VM (HUS VM) | No | No | | |

Systems

Universal Storage Platform V (USP V)