Upload
cresmak
View
238
Download
0
Embed Size (px)
Citation preview
8/9/2019 Cust Letter Shellshock
1/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 1
Hitachi Data Systems Product Affectivity
for Worldwide Security Vulnerabilities
Hitachi Data Systems continuously strives to provide you with the highest quality products and solutions. We
take this responsibility very seriously. To this end, we constantly monitor our quality control and storage
system test processes to ensure that our products are secure and operating at peak performance.
When worldwide security vulnerabilities are identified, our Product Engineering and Global Security teams
review with our vendors any potential security threats that the vulnerability may pose within Hitachi Data
Systems product and solution offerings. At the completion of the assessment Hitachi Data Systems releases
product statements describing any exposure our customers may have to this issue. Our engineering teams
prepare circumvention and software fixes for any product affected to ensure that you are protected.
A list of worldwide security vulnerabilities is included in the table below. Click the name of the vulnerability to
view Hitachi Data Systems product affectivity matrix for that issue.
SecurityVulnerability
Description
GHOST(CVE-2015-0235)January 27, 2015
CVE-2015-0235 -GHOST is a 'buffer overflow' Linux bug affecting the gethostbyname() and
gethostbyname2() function calls in the glibc library. This vulnerability in Linux allows a remote attack
that is able to make an application call to either of these functions to execute arbitrary code with the
permissions of the user running the application.
NTP(CVE-2014-9293through CVE-2014-9296) December 22, 2014
Network Time Protocol (NTP) Vulnerability (CVE-2014-9293 through CVE-2014-9296): A remote
attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow
malicious code to be executed with the privilege level of the ntpd process.
POODLECVE-2014-3566 September 2014
Padding Oracle On Downgraded Legacy Encryption (POODLE): An attacker who acts as man-in-the-
middle can force the SSL/TLS protocol to downgrade to version 3.0 if the attacked application support
this old SSL version. This legacy protocol is not secure. Depending on the application, it may be possib
for an adversary to mount attacks that can lead to disclosure of secret data such as passwords or HTT
cookies.
ShellshockCVE-2014-6271 September 24, 2014
Shellshock CVE-2014-6271 (and the related issues CVE-2014-7169, CVE-2014-7186, CVE-2014-7187,
CVE-2014-6277, and CVE-2014-6278): This vulnerability affects UNIX-based Bash (Bourne shell) and h
the potential to arbitrarily execute code within UNIX environments. Some native services and
applications may allow remote unauthenticated attackers to provide environment variables and explo
this issue.
8/9/2019 Cust Letter Shellshock
2/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 2
SecurityVulnerability
Description
OpenSSL Heartbleed April 2014
OpenSSL Heartbleed: This is a serious vulnerability in the popular OpenSSL cryptographic softwarelibrary. This weakness allows stealing the information protected under normal conditions by the SSL/T
encryption used to secure the internet. SSL/TLS provides communication security and privacy over the
internet for applications such as web, email, instant messaging (IM) and some virtual private network
(VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protec
by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identif
the service providers and to encrypt the traffic, the names and passwords of the users and the actual
content. This allows attackers to eavesdrop on communications, steal data directly from the services
users and to impersonate services and users.
CVE-2015-0235 GHOST: glibc gethostbyname Buffer OverflowThe following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as NTP. Open items are actively updated; please review this table frequently for new details.
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade No No
http://www.brocade.com/dow
oads/documents/technical_su
ort_bulletins/brocade-
assessment-gnu-c-library-sa.pdVTL BusTech Vendor investigation 1/27/15
Networking Cisco Systems Vendor investigation 1/29/15
Networking Emulex
Networking Qlogic Vendor investigation 1/29/15
Software Application Protector
Software Arkivio Vendor investigation 1/27/15
SoftwareBusiness Continuity
ManagerNo No BCM does not utilize glibc
Software CA Integration Module
SoftwareClinical Repository -
Karos
Vendor investigation 1/27/15
SoftwareClinical Repository -
Visbion
Vendor investigation 1/27/15
http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdf
8/9/2019 Cust Letter Shellshock
3/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 3
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
Software Command Director
SoftwareCompute Systems
Manager
SoftwareData Discovery Suite
for MS SharepointNo No
HDDS required the installation
RHEL 6.2; there is a security
update that should be applied
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager
Software Dual Active ID
Software Dynamic Link Manager
Software Dynamic Replicator Vendor investigation 1/27/15
Software e-Copy
File & ContentExtension Pack for
Secure FTP
Software IT Operations Analyzer
SoftwareIT Operations Analyzer
Advance
Software IT Operations Director
SoftwareIT Operations
Integrator
SoftwareIT Operations
Repository
Software LPAR Tbd Tbd
Updated expected 3-Feb-14 fo
• CB 2500, CB 2000, CB 500
CB 320
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
8/9/2019 Cust Letter Shellshock
4/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 4
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10 Vendor investigation 1/27/15
Software SpectraLogic Vendor investigation 1/27/15
Software Storage Adapter forPetrel
SoftwareStorage Navigator
Modular 2No No
SNM2 does not contain Linux
OS/glibc. Recommend custome
upgrade to fixed OS/glibc and
then restart SNM2 service.
SoftwareStorage Optimization
for MS SharePointNo No
SoftwareStorage Services
Manager
Software
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
Storage Fabric Reporter
(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)Software StorFirst Apollo
SoftwareStreaming Data
Platform
Software Symantec Adapters
8/9/2019 Cust Letter Shellshock
5/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 5
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
SoftwareTiered Storage
Manager
SoftwareTiered Storage
Manager for MF
Software Tuning Manager
Software TurboLUN
SoftwareUCP Orchestration
SoftwareYes Yes ALL
Under Investigation
SoftwareVirtual Infrastructure
Integrator
SoftwareVirtual Tape Library
Diligent
VTLVirtual Tape Library
FalconStorVendor investigation 1/27/15
Software VMware Adapters
SoftwareZone Allocation
Manager
SystemsAdaptable Modular
Storage (AMS)
NoNo
Product does not contain Linux
OS, nor glibc library
SystemsAdaptable Modular
Storage 2000No No
Product does not contain Linux
OS, nor glibc library
Systems Capacity Optimization
Systems Compute Blade 2500 Tbd TbdUpdated expected 3-Feb-14 fo
BMC, SVP, DCBSW, LANSW
8/9/2019 Cust Letter Shellshock
6/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 6
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
Systems Compute Blade 2000 Tbd Tbd
Updated expected 3-Feb-14 fo
BMC, SVP, DCBSW, FCSW
Not applicable:
LANSW.
Systems Compute Blade 500 Tbd Tbd
Updated expected 3-Feb-14 fo
BMC, SVP, DCBSW, FCSW
Not applicable:
LANSW.
Systems Compute Blade 320 Tbd Tbd
Updated expected 3-Feb-14 fo
SVP
Not applicable:
BMC, DCBSW, FCSW, LANS
SystemsCompute Rack
210H/220H/220STbd Tbd Updated expected 3-Feb-14
Systems Compute Rack 220 Tbd Tbd Updated expected 3-Feb-14
File & Content
Content Platform (HCP)
and Content Platform
Anywhere (HCP-AW)
Under Investigation
Systems Data Discovery Suite Under Investigation
SystemsData Discovery Suite
for MS SharePointUnder Investigation
File & Content Data Ingestor Under Investigation
SystemsHitachi Universal
Storage VMNo No
Product does not contain Linux
OS, nor glibc library
File & Content HUS File Module
Systems HyperStor
File & Content NAS 3x00 (Titan) No LINUX
File & Content NAS 30x0 (Mercury) TBD
File & Content NAS 4000 Series TBD
File & Content SMU Fix to glibc available 12.2.3753
File & Content NAS Platform F Under Investigation
8/9/2019 Cust Letter Shellshock
7/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 7
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
SystemsNetwork Storage
Controller (NSC55)No No
Product does not contain Linux
OS, nor glibc library
SystemsSimple Modular
Storage (SMS)No No
Product does not contain Linux
OS, nor glibc library
SystemsUCP for Microsoft
ExchangeNo No
SystemsUCP Select for
Microsoft SQL ServerNo No
SystemsUCP Select for Oracle
DatabaseNo No
SystemsUCP Pro (UCP 4000 /4000e) for VMware
vSphere
Yes YesFix currently being developed.
(1/28/15)
Systems UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
Yes YesFix currently being developed.
(1/28/15)
SystemsUCP Select for SAP
HANAYes Yes
SuSE Linux Enterprise 11 and
older products. Patches have
been released and can be foun
at: This Link
Systems UCP Select for VMware
View No No
SystemsUCP Select for VMware
vSphereNo No
SystemsUnified Storage File
Module (HUS FM)
Systems Unified Storage (HUS) No No
Product does not contain Linux
OS, nor glibc library
SystemsUnified Storage VM
(HUS VM)No No
Product does not contain Linux
OS, nor glibc library
Universal Storage
Platform V
https://support.novell.com/security/cve/CVE-2015-0235.htmlhttps://support.novell.com/security/cve/CVE-2015-0235.htmlhttps://support.novell.com/security/cve/CVE-2015-0235.htmlhttps://support.novell.com/security/cve/CVE-2015-0235.html
8/9/2019 Cust Letter Shellshock
8/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 8
(GHOST)
Product Type Product Name Affected? Vulnerable? Version More Information
Systems (USP V) No NoProduct does not contain Linux
OS, nor glibc library
Systems Universal Storage
Platform VM (USP VM)No No
Product does not contain Linux
OS, nor glibc library
SystemsHitachi Virtual Storage
Platform G1000 (VSP
G1000)
No NoProduct does not contain Linux
OS, nor glibc library
SystemsVirtual Storage
Platform (VSP)No No
Product does not contain Linux
OS, nor glibc library
SystemsWorkgroup Modular
Storage WMSNo No
Product does not contain Linux
OS, nor glibc library
OtherHi-Track Remote
Monitoring systemNo No
OtherRemote Access Control
Center (RACC)No No RACC does not support Linux
8/9/2019 Cust Letter Shellshock
9/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 9
NTP (CVE-2014-9293 through CVE-2014-9296)The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as NTP. Open items are actively updated; please review this table frequently for new details.
(NTP)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade No No
FOS products
are not
affected
NOS and BNA are under
investigation
VTL BusTech Vendor investigation 1/8/15
Networking Cisco Systems Yes YesMDS products
are affected
Bug ID CSCus26870 has been
created. Fixed in version TBD
Networking Emulex
Networking Qlogic No No
Software Application Protector
Software Arkivio Vendor investigation 1/8/15
SoftwareBusiness Continuity
ManagerNo No Product does not utilize ntpd
Software CA Integration Module
SoftwareClinical Repository -
Karos
Vendor investigation 1/8/15
SoftwareClinical Repository -
Visbion
Vendor investigation 1/8/15
Software Command Director
SoftwareCompute Systems
Manager
SoftwareData Discovery Suite
for MS Sharepoint
Software Data Instance Manager
Software Data Protection Suite
Software Device Manager
Software Dual Active ID
https://tools.cisco.com/bugsearch/bug/CSCus26870https://tools.cisco.com/bugsearch/bug/CSCus26870https://tools.cisco.com/bugsearch/bug/CSCus26870https://tools.cisco.com/bugsearch/bug/CSCus26870
8/9/2019 Cust Letter Shellshock
10/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 10
(NTP)
Product Type Product Name Affected? Vulnerable? Version More Information
Software Dynamic Link Manager
Software Dynamic Replicator Vendor investigation 1/8/15
Software e-Copy
File & ContentExtension Pack for
Secure FTP
Software IT Operations Analyzer
SoftwareIT Operations Analyzer
Advance
Software IT Operations Director
SoftwareIT Operations
Integrator
SoftwareIT Operations
Repository
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power Saving
Software Protection Manager
Software Replication Manager
Software Replication Monitor
Software SAP Adapters
Software Sepaton
Software Server Conductor
Software Seven10 Vendor investigation 1/8/15
Software SpectraLogic Yes Low VerdeTape not affected – Disk lowimpact, however Patch being
released. Fix in new version.
SoftwareStorage Adapter for
Petrel
8/9/2019 Cust Letter Shellshock
11/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 11
(NTP)
Product Type Product Name Affected? Vulnerable? Version More Information
SoftwareStorage Navigator
Modular 2No No Product does not utilize ntpd
SoftwareStorage Optimization
for MS SharePoint
SoftwareStorage Services
Manager
Software
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
Storage Fabric Reporter
(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)
Software StorFirst Apollo
SoftwareStreaming Data
PlatformSoftware Symantec Adapters
SoftwareTiered Storage
Manager
SoftwareTiered Storage
Manager for MF
Software Tuning Manager
Software TurboLUN
SoftwareUCP Orchestration
SoftwareYes Yes All Versions
SoftwareVirtual Infrastructure
Integrator
SoftwareVirtual Tape Library
Diligent
8/9/2019 Cust Letter Shellshock
12/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 12
(NTP)
Product Type Product Name Affected? Vulnerable? Version More Information
VTLVirtual Tape Library
FalconStor
Affected. Working on patch fo
current version, addressed in
future versions. 1-8-15
Software VMware Adapters
SoftwareZone Allocation
Manager
Systems Adaptable ModularStorage (AMS)
No No Product does not utilize ntpd
SystemsAdaptable Modular
Storage 2000No No Product does not utilize ntpd
Systems Capacity Optimization
Systems Compute Blade 2000
Systems Compute Blade 500
Systems Compute Blade 320
SystemsCompute Rack
210H/220H/220S
Systems Compute Rack 220
File & Content
Content Platform (HCP)
and Content Platform
Anywhere (HCP-AW)
No No
External time servers connecte
to HCP should be secure and
trusted servers that should be
updated to NTP 4.2.8 or greate
Systems Data Discovery Suite
SystemsData Discovery Suite
for MS SharePoint
File & Content Data Ingestor No No
System does not use KeyAuthentication and discards
connection requests exploited
vulnerability
SystemsHitachi Universal
Storage VMNo No Product does not utilize ntpd
8/9/2019 Cust Letter Shellshock
13/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 13
(NTP)
Product Type Product Name Affected? Vulnerable? Version More Information
File & Content HUS File Module Yes
Systems HyperStor
File & Content NAS 3x00 (Titan) No No Not a LINUX base, custom NTP
File & Content NAS 30x0 (Mercury) YesLimited (no
Internet)All GA
Fix will be available in 12.1MR
(TBD) in Feb 2015
File & Content NAS 4000 Series YesLimited (no
Internet)All GA
Fix will be available in 12.1MR
(TBD) in Feb 2015
File & Content SMU Yes
Limited (no
Internet) All GA
Fix will be available in SMU
12.1.3613.08, 12.2.3753.07 in
2015
File & Content NAS Platform F No No
System does not use Key
Authentication and discards
connection requests exploited
vulnerability
SystemsNetwork Storage
Controller (NSC55)No No Product does not utilize ntpd
SystemsSimple Modular
Storage (SMS)No No Product does not utilize ntpd
SystemsUCP for Microsoft
ExchangeNo No
NTP issue is found in UCP
Director only.
Systems UCP Select forMicrosoft SQL Server
No No NTP issue is found in UCPDirector only.
SystemsUCP Select for Oracle
DatabaseNo No
NTP issue is found in UCP
Director only.
Systems
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
Yes YesNTP issue is found in UCP
Director only.
Systems UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
No NoNTP issue is found in UCP
Director only.
SystemsUCP Select for SAP
HANA No
No NTP issue is found in UCPDirector only.
Systems UCP Select for VMware
ViewNo No
NTP issue is found in UCP
Director only.
8/9/2019 Cust Letter Shellshock
14/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 14
(NTP)
Product Type Product Name Affected? Vulnerable? Version More Information
SystemsUCP Select for VMware
vSphereNo No
NTP issue is found in UCP
Director only.
SystemsUnified Storage File
Module (HUS FM)
Systems Unified Storage (HUS) No No Product does not utilize ntpd
SystemsUnified Storage VM
(HUS VM) No No Product does not utilize ntpd
Universal Storage
Platform VNo No Product does not utilize ntpd
Systems (USP V)
Systems Universal Storage
Platform VM (USP VM) No
No
Product does not utilize ntpd
SystemsHitachi Virtual Storage
Platform G1000 (VSP
G1000)
No No Product does not utilize ntpd
Systems Virtual StoragePlatform (VSP)
No No Product does not utilize ntpd
SystemsWorkgroup Modular
Storage WMSNo No Product does not utilize ntpd
OtherHi-Track Remote
Monitoring systemNo No
OtherRemote Access Control
Center (RACC)No No
8/9/2019 Cust Letter Shellshock
15/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 15
Poodle CVE-2014-3566The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as Poodle. Open items are actively updated; please review this table frequently for new details.
(POODLE)
Product
TypeProduct Name Affected? Vulnerable? Version More Information
Networking Brocade Yes YesFOS 6.x
FOS 7.x
Fix issued in the following FOS releases:
6.4.3g; 7.02f; 7.1.2c; 7.2.1d; 7.3.0c
VTL BusTech Under Investigation as of 10-16
Networking Cisco Systems Yes YesNX-OS
5.x; 6.x
Fixed in the following NXOS releases: 5.2(8e
6.2(9a)
Networking Emulex No No
Networking Qlogic Yes Yes
8.0.14.12
and
below
Fixed in firmware 8.0.14.13.00
Software Application Protector
Software Arkivio Under Investigation as of 10-16
SoftwareBusiness Continuity
ManagerYes No All
BCM does not use SSL, but IBM HTTP Server
(HIS) uses SSL communications between BCM
and HRpM. IBM recommends disabling SSL v
SoftwareCA Integration
Module
SoftwareClinical Repository -
KarosYes Low Has statement.
SoftwareClinical Repository -
VisbionNo Under Investigation as of 10-16
Software Command Director No
SoftwareCompute Systems
ManagerYes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
SoftwareData Discovery Suite
for MS Sharepoint
SoftwareData Instance
Manager
Software Data Protection Suite
8/9/2019 Cust Letter Shellshock
16/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 16
(POODLE)
Product
TypeProduct Name Affected? Vulnerable? Version More Information
Software Device Manager Yes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
Software Dual Active ID
SoftwareDynamic Link
ManagerNo
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
Software Dynamic Replicator Under Investigation as of 10-16.
Software e-Copy
File &Content
Extension Pack forSecure FTP
SoftwareIT Operations
AnalyzerYes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
SoftwareIT Operations
Analyzer AdvanceYes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
Software IT Operations Director Yes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
SoftwareIT Operations
IntegratorNo
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
SoftwareIT Operations
RepositoryNo
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
Software Microsoft Adapters
Software NanoCopy
Software Oracle Adapters
Software Power SavingSoftware Protection Manager
Software Replication Manager Yes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
Software Replication Monitor
8/9/2019 Cust Letter Shellshock
17/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 17
(POODLE)
Product
TypeProduct Name Affected? Vulnerable? Version More Information
Software SAP Adapters Under Investigation as of 10-16
Software Sepaton
Software Server Conductor
Software Seven10 No
Software SpectraLogic Under Investigation as of 10-16
SoftwareStorage Adapter for
Petrel
SoftwareStorage Navigator
Modular 2 Yes Low Risk
V4 and
above for
DF850
V21 and
above for
DF800
SNM2 GUI is affected (NOT CLI, NOT API). Fix
schedule TBD, Alert pending. Suggestdisabling SSL v3 in web browser for interim
SoftwareStorage Optimization
for MS SharePoint
SoftwareStorage Services
Manager
Software
Storage Viewer Suite
Backup Services
Manager (HBSM)Storage Capacity
Reporter (HSCR)
Storage Fabric
Reporter (HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)
Software StorFirst Apollo
SoftwareStreaming Data
Platform No
Software Symantec Adapters
SoftwareTiered Storage
ManagerYes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
8/9/2019 Cust Letter Shellshock
18/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 18
(POODLE)
Product
TypeProduct Name Affected? Vulnerable? Version More Information
SoftwareTiered Storage
Manager for MF
Software Tuning Manager Yes
Need to disable SSL v3 on server side and us
other secure communication method with
client side.
Software TurboLUN
SoftwareUCP Orchestration
Software
SoftwareVirtual Infrastructure
Integrator
SoftwareVirtual Tape Library
Diligent
VTLVirtual Tape Library
FalconStor
Not
affected
Software VMware Adapters
SoftwareZone Allocation
Manager
Systems
Adaptable/Workgroup
Modular Storage
(AMS/WMS)
Not
affected
SystemsAdaptable Modular
Storage 2000Yes Low Risk
V04 and
later082030
Systems Capacity Optimization
Systems Compute Blade 2000
Systems Compute Blade 500
Systems Compute Blade 320
SystemsCompute Rack
210H/220H/220S
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_082030.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_082030.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_082030.hcsp
8/9/2019 Cust Letter Shellshock
19/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 19
(POODLE)
Product
TypeProduct Name Affected? Vulnerable? Version More Information
Systems Compute Rack 220
File &
Content
Content Platform
(HCP) and Content
Platform Anywhere
(HCP-AW)
081645
Systems Data Discovery Suite
SystemsData Discovery Suite
for MS SharePoint
File &
ContentData Ingestor Yes Low Risk All Fix schedule TBD
File &
Content
High-performance
NAS Platform
SystemsHitachi Universal
Storage VMYes Low Risk All 81729
File &
ContentHUS File Module
Systems HyperStor
File &
ContentNAS 3x00 (Titan) YES Low Risk
Release
8.x
File &
Content
NAS 30x0 (Mercury) YES Low RiskPrior to
12.1File &
ContentNAS 4000 Series YES Low Risk
Prior to
12.1
File &
ContentSMU YES Low Risk
Prior to
12.2
File &
ContentNAS Platform F Yes Low Risk All Fix schedule TBD
SystemsNetwork Storage
Controller (NSC55)TBD
SystemsSimple Modular
Storage (SMS)Yes Low Risk
V04 and
laterFix schedule TBD, Alert pending
File &Content
Titan
SystemsUCP for Microsoft
Exchange
SystemsUCP for Microsoft SQL
Server
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081645.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081645.hcsp
8/9/2019 Cust Letter Shellshock
20/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 20
(POODLE)
Product
TypeProduct Name Affected? Vulnerable? Version More Information
SystemsUCP for Oracle
Database
SystemsUCP Pro for VMware
vSphere
Systems
Systems
UCP Pro for VMware
vSphere
UCP Select for Citrix
XenDesktop
SystemsSystems
Systems
UCP Pro for VMware
vSphere
UCP Select for CitrixXenDesktop
UCP Select for
Microsoft Private
Cloud
Systems UCP Select for Oracle
SystemsUCP Select for SAP
HANA
SystemsSystems
UCP Select for SAP
HANAUCP Select for
VMware View
Systems
Systems
Systems
UCP Select for SAP
HANA
UCP Select for
VMware View
UCP Select for
VMware vSphere
Systems Unified Storage (HUS) Yes Low Risk All 082030
File &
Content
Unified Storage File
Module (HUS FM)
SystemsUnified Storage VM
(HUS VM)Yes Low Risk All 81729
SystemsUniversal Storage
Platform VAll 81729
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_082030.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_082030.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_082030.hcsp
8/9/2019 Cust Letter Shellshock
21/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 21
(POODLE)
Product
TypeProduct Name Affected? Vulnerable? Version More Information
(USP V)Yes Low Risk
Systems
Universal Storage
Platform VM (USP
VM)
Yes Low Risk All 81729
Systems
Hitachi Virtual Storage
Platform G1000 (VSP
G1000)
Yes Low Risk AllOnly SMI-S is affected (SN/SVP not affected)
81729
SystemsVirtual Storage
Platform (VSP)Yes Low Risk All 81729
OtherHi-Track Remote
Monitoring systemNo No
OtherRemote Access
Control Center (RACC)No No
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081729.hcsp
8/9/2019 Cust Letter Shellshock
22/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 22
Shellshock CVE-2014-6271The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as Shellshock. Open items are actively updated; please review this table frequently for new details.
(Shellshock)
Product Type Product Name Affected? Vulnerable? Version More Information
Networking Brocade Yes Yes FOS 6.x, 7.x Fixed in FOS 6.4.3g; 7.1.2b; 7.2.1d
7.3.0b
VTL BusTech TBD Under investigation
Networking Cisco Systems Yes Yes NXOS 5.x;
6.x
Fixed in NXOS 5.2(8e); 6.2(9a)
Networking Ctera No
Networking Emulex No NoNetworking Qlogic Yes Yes 8.0.14.12
and below
Fixed in firmware 8.0.14.13.00
Software Application
Protector
TBD
Software Arkivio TBD Under investigation
Software Business
Continuity
Manager
TBD
Software CA Integration
Module
TBD
Software Clinical
Repository -
Karos
No
Software Clinical
Repository -
Visbion
No
Software Command
Director
No
Software Compute
Systems
Manager
No
Software Data Discovery
Suite for MS
Sharepoint
TBD
Software Data Instance
Manager
TBD
Software Data Protection
Suite
TBD
8/9/2019 Cust Letter Shellshock
23/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 23
(Shellshock)
Product Type Product Name Affected? Vulnerable? Version More Information
Software Device Manager NoSoftware Dual Active ID TBD
Software Dynamic Link
Manager
No
Software Dynamic
Replicator
No Under investigation
Software e-Copy TBD
File & Content Extension Pack
for Secure FTP
Yes No Alert #81524
Software IT Operations
Analyzer
TBD
Software IT OperationsAnalyzer
Advance
TBD
Software IT Operations
Director
TBD
Software IT Operations
Integrator
TBD
Software IT Operations
Repository
TBD
Software Microsoft
Adapters
TBD
Software NanoCopy TBDSoftware Oracle Adapters TBD
Software Power Saving TBD
Software Protection
Manager
No
Software Replication
Manager
No
Software Replication
Monitor
No
Software SAP Adapters TBD
Software Sepaton TBD
Software ServerConductor
TBD
Software Seven10 No
Software SpectraLogic TBD
Software Storage Adapter
for Petrel
TBD
http://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081524.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081524.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081524.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081524.hcsp
8/9/2019 Cust Letter Shellshock
24/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 24
(Shellshock)
Product Type Product Name Affected? Vulnerable? Version More Information
Software StorageNavigator
Modular 2
No No 81554
Software Storage
Optimization for
MS SharePoint
TBD
Software Storage Services
Manager
TBD
Software Storage Viewer
Suite
Backup Services
Manager (HBSM)Storage Capacity
Reporter (HSCR)
Storage Fabric
Reporter (HSFR)
Virtual Server
Reporter (HVSR)
File Analytics
Reporter (HFAR)
No
Software StorFirst Apollo No
Software Streaming Data
Platform
TBD
Software SymantecAdapters TBD
Software Tiered Storage
Manager
No
Software Tiered Storage
Manager for MF
No
Software Tuning Manager No
Software TurboLUN TBD
https://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsp
8/9/2019 Cust Letter Shellshock
25/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 25
(Shellshock)
Product Type Product Name Affected? Vulnerable? Version More Information
Software UCPOrchestration
Software
Yes Yes If you are using versions of Bash ioperating systems based on SUSLinux Enterprise 9, 10 or 11, yourservers are potentially at risk. Ifyour systems are compromised, wrecommend that you patch yoursystems right away.Follow this link for the securityupdate from SuSE,
https://www.suse.com/support/u
date/announcement/2014/suse-
su-20141247-1.html
Software Virtual
Infrastructure
Integrator
TBD
Software Virtual Tape
Library Diligent
TBD
VTL Virtual Tape
Library
FalconStor
Yes Yes Current Patch is available on
falconstore.com
Software VMware
Adapters
TBD
Software Zone Allocation
Manager
TBD
Systems Adaptable
Modular
Storage (AMS)
No
No 81554
Systems Adaptable
Modular
Storage 2000
No No 81554
Systems Capacity
Optimization
TBD
Systems Compute Blade
2000
No No N/A
Systems Compute Blade500
No No N/A
Systems Compute Blade
320
No No N/A
Systems Compute Rack
210H/220H/220
S
No No N/A
https://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.htmlhttps://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.htmlhttps://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.htmlhttps://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.htmlhttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.htmlhttps://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.htmlhttps://www.suse.com/support/update/announcement/2014/suse-su-20141247-1.html
8/9/2019 Cust Letter Shellshock
26/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 26
(Shellshock)
Product Type Product Name Affected? Vulnerable? Version More Information
Systems Compute Rack220
No No N/A
File & Content Content
Platform (HCP)
and Content
Platform
Anywhere (HCP-
AW)
No No All Alert #81528
Systems Data Discovery
Suite
No Dependent Customer responsible to patch Re
Hat Linux installation
Systems Data Discovery
Suite for MSSharePoint
No
File & Content Data Ingestor Yes No All Alert #81520
File & Content High-
performance
NAS Platform
Yes No Alert #81511
Systems Hitachi
Universal
Storage VM
No No 81554
File & Content HUS File
Module
Yes No Alert #81511
Systems HyperStor TBD
File & Content Mercury Yes No Alert #81511
File & Content NAS 4000 Series Yes No Alert #81511
File & Content NAS Platform Yes No Alert #81511
File & Content NAS Platform F Yes No Alert #81528
Systems Network
Storage
Controller
(NSC55)
No No 81554
Systems Simple Modular
Storage (SMS)
No No 81554
File & Content Titan Yes No Alert #81511
Systems UCP for
Microsoft
Exchange
No No
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081528.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081528.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081520.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081520.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081520.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081520.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081520.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttp://cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081511.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081520.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081528.hcsp
8/9/2019 Cust Letter Shellshock
27/32
8/9/2019 Cust Letter Shellshock
28/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 28
(Shellshock)
Product Type Product Name Affected? Vulnerable? Version More Information
Systems UniversalStorage
Platform V
(USP V)
No No 81554
Systems Universal
Storage
Platform VM
(USP VM)
No No 81554
Systems Hitachi Virtual
Storage
Platform G1000
(VSP G1000)
No No 81554
Systems Virtual Storage
Platform (VSP)
No No 81554
Systems Workgroup
Modular
Storage WMS
No No 81554
Other Hi-Track
Remote
Monitoring
system
No No
Other Remote Access
Control Center(RACC)
No No
https://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsphttps://extranet.hds.com/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_081554.hcsp
8/9/2019 Cust Letter Shellshock
29/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 29
OpenSSL HeartbleedThe following table references Hitachi Data Systems products and accessories affected by the worldwide security issue
known as OpenSSL Heartbleed. Open items are actively updated; please review this table frequently for new details.
(Heartbleed)
Product Type Product Name Affected? Version More InformationNetworking Asempra No
Networking Brocade No See Brocade.com
Networking BusTech No
Networking Ciena No
Networking Cisco Systems Yes See Cisco.com
Networking Ctera No
Networking Emulex No
Networking QlogicSoftware Application Protector No
Software Arkivio No
Software Business Continuity Manager
Software CA Integration Module
Software Clinical Repository - Karos No
Software Clinical Repository - Visbion Yes v1, v2 680669
Software Command Director No
Software Compute Systems Manager No
Software
Data Discovery Suite for MS
Sharepoint No
Software Data Instance Manager NoSoftware Data Protection Suite No
Software Device Manager No
Software Dual Active ID
Software Dynamic Link Manager No
Software Dynamic Replicator
Software e-Copy
Software Essential NAS Platform No
Software Extension Pack for Secure FTP Yes All Patch Available April 14, 2014
Software IT Operations Analyzer No
Software IT Operations Analyzer Advance No
Software IT Operations Director NoSoftware IT Operations Integrator No
Software IT Operations Repository No
Software Microsoft Adapters No
Software NanoCopy
Software Oracle Adapters No
http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-products-website-not-affected-by-heartbleed.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-products-website-not-affected-by-heartbleed.pdfhttp://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-products-website-not-affected-by-heartbleed.pdfhttp://www.cisco.com/http://www.cisco.com/http://www.cisco.com/https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080669.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080669.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080669.hcsphttp://www.cisco.com/http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-products-website-not-affected-by-heartbleed.pdf
8/9/2019 Cust Letter Shellshock
30/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 30
(Heartbleed)
Product Type Product Name Affected? Version More InformationSoftware Power Saving
Software Protection Manager No
Software Replication Manager No
Software Replication Monitor No
Software SAP Adapters No
Software Sepaton No
Software Server Conductor
Software Seven10 No
Software SpectraLogic No
Software Storage Adapter for Petrel
Software Storage Navigator Modular 2 No
Software
Storage Optimization for MS
SharePoint
Software Storage Services Manager
Software Storage Viewer Suite
Backup Services Manager (HBSM)
Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
No
Software StorFirst Apollo
Software Streaming Data Platform
Software Symantec Adapters No
Software Tiered Storage Manager No
Software Tiered Storage Manager for MF No
Software Tuning Manager No
Software TurboLUN
Software UCP Orchestration Software Yes 2.x, 3.x 080667
Software Virtual Infrastructure Integrator No
Software Virtual Tape Library Diligent No
Software Virtual Tape Library FalconStor No
Software VMware Adapters No
Software Zone Allocation Manager
Systems 5700 Series No
Systems 5800 Series No
Systems 7000 Series No
Systems 9200 Series No
Systems 9500 V Series No
Systems 9900 Series No
Systems 9900 V Series No
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080667.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080667.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080667.hcsp
8/9/2019 Cust Letter Shellshock
31/32
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity 31
(Heartbleed)
Product Type Product Name Affected? Version More Information
Systems
Adaptable Modular Storage
(AMS) No
Systems Adaptable Modular Storage 2000 No
Systems Capacity Optimization
Systems Compute Blade 2000 Yes 080852
Systems Compute Blade 500 Yes 080850
Systems Compute Blade 320 No
Systems Compute Rack 210H/220H/220S Yes 080854
Systems Compute Rack 220 No
Systems Content Archive Platform No
Systems Content Platform (HCP) No
Systems
Content Platform Anywhere
(HCP-AW) No
Systems Data Discovery Suite No
Systems
Data Discovery Suite for MS
SharePoint No
Systems Data Ingestor No
Systems Essential NAS Platform No
Systems High-performance NAS Platform No
Systems Hitachi Universal Storage VM Yes
Systems HUS File Module Yes 11.1.3200.00 + 080654
Systems HyperStor
Systems Mercury Yes 11.1.3200.00 + 080654
Systems NAS 4000 Series Yes 11.1.3200.00 + 080654
Systems NAS Platform Yes 11.1.3200.00 + 080654
Systems NAS Platform F No
Systems
Network Storage Controller
(NSC55) No
Systems Simple Modular Storage (SMS) No
Systems Titan No
Systems UCP for Microsoft Exchange No
Systems UCP for Microsoft SQL Server No
Systems UCP for Oracle Database No
Systems UCP Pro for VMware vSphere Yes 080667
Systems UCP Select for Citrix XenDesktop No
Systems
UCP Select for Microsoft Private
Cloud No
Systems UCP Select for Oracle No
Systems UCP Select for SAP HANA Yes
Scale-Out solutions use HNAS.
Please refer to HNAS product fo
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080852.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080852.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080850.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080850.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080854.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080854.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080667.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080667.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080667.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080854.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080850.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080852.hcsp
8/9/2019 Cust Letter Shellshock
32/32
(Heartbleed)
Product Type Product Name Affected? Version More Informationresolution. 080654
Systems UCP Select for VMware View Yes VMware 5.5
See VMware.com; No for
VMware 5.1
Systems UCP Select for VMware vSphere Yes VMware 5.5
See VMware.com; No for
VMware 5.1
Systems Unified Storage (HUS) No
Systems
Unified Storage File Module (HUS
FM) Yes 11.1.3200.00 + 080654
Systems Unified Storage VM (HUS VM) Yes OSS V03 080650
Systems
Universal Storage Platform V
(USP V) No
Systems
Universal Storage Platform VM
(USP VM) No
Systems
Hitachi Virtual Storage Platform
G1000 (VSP G1000) Yes OSS V01 080650
Systems Virtual Storage Platform (VSP) Yes OSS V06 080650
Systems
Workgroup Modular Storage
WMS No
Other
Hi-Track Remote Monitoring
system No
Other
Remote Access Control Center
(RACC) No
https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttp://www.vmware.com/http://www.vmware.com/http://www.vmware.com/http://www.vmware.com/http://www.vmware.com/http://www.vmware.com/https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080650.hcsphttps://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsphttp://www.vmware.com/http://www.vmware.com/https://extranet.hds.com/redirect/http:/cmsprodpubextra.hds.com/cmsProdPubExtra/groups/extranet/@ti/@customer/documents/techalert/cust_01_080654.hcsp