You are on page 1of 64

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

Hitachi Data Systems Product Affectivity


for Worldwide Security Vulnerabilities
Hitachi Data Systems continuously strives to provide you with the highest quality products and solutions. We
take this responsibility very seriously. To this end, we constantly monitor our quality control and storage
system test processes to ensure that our products are secure and operating at peak performance.
When worldwide security vulnerabilities are identified, our Product Engineering and Global Security teams
review with our vendors any potential security threats that the vulnerability may pose within Hitachi Data
Systems product and solution offerings. At the completion of the assessment Hitachi Data Systems releases
product statements describing any exposure our customers may have to this issue. Our engineering teams
prepare circumvention and software fixes for any product affected to ensure that you are protected.
A list of worldwide security vulnerabilities is included in the table below. Click the name of the vulnerability to
view Hitachi Data Systems product affectivity matrix for that issue.

Security
Vulnerability

Description

CVE-2015-1635
HTTP.sys Remote
Code Execution
Vulnerability

CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability: HTTP.sys in Microsoft Windows


7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2
allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code
Execution Vulnerability."

April 22, 2015

CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability: The multi-block feature in the
CVE-2015-0290 &
CVE-2015-0291 Open ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI
support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a
SSL Vulnerability
denial of service (pointer corruption and application crash) via unspecified vectors.

March 30, 2015

FREAK vulnerability
(CVE-2015-0204)
March 4,2015

SAMBA
CVE-2015-0240
February 23, 2015

CVE-2015-0204-FREAK: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0


before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA
downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a
noncompliant role.
CVE-2015-0240-Samba: is a security flaw in the smbd file server daemon. It can be exploited by a malicious
Samba client by sending specially-crafted packets to the Samba server. No authentication is required to
exploit this flaw. It can result in remotely controlled execution of arbitrary code as root.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

Security
Vulnerability

2 0 1 5

Description
CVE-2015-0235 -GHOST is a 'buffer overflow' Linux bug affecting the gethostbyname() and
gethostbyname2() function calls in the glibc library. This vulnerability in Linux allows a remote attacker
that is able to make an application call to either of these functions to execute arbitrary code with the
permissions of the user running the application.

GHOST
(CVE-2015-0235)
January 27, 2015

NTP
(CVE-2014-9293
through CVE-20149296)

Network Time Protocol (NTP) Vulnerability (CVE-2014-9293 through CVE-2014-9296): A remote attacker
can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to
be executed with the privilege level of the ntpd process.

December 22, 2014


Padding Oracle On Downgraded Legacy Encryption (POODLE): An attacker who acts as man-in-the-middle
can force the SSL/TLS protocol to downgrade to version 3.0 if the attacked application supports this old SSL
version. This legacy protocol is not secure. Depending on the application, it may be possible for an
adversary to mount attacks that can lead to disclosure of secret data such as passwords or HTTP cookies.

POODLE
CVE-2014-3566
September 2014

Shellshock CVE-2014-6271 (and the related issues CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE2014-6277, and CVE-2014-6278): This vulnerability affects UNIX-based Bash (Bourne shell) and has the
potential to arbitrarily execute code within UNIX environments. Some native services and applications may
allow remote unauthenticated attackers to provide environment variables and exploit this issue.

Shellshock
CVE-2014-6271
September 24, 2014

OpenSSL Heartbleed
April 2014

OpenSSL Heartbleed: This is a serious vulnerability in the popular OpenSSL cryptographic software library.
This weakness allows stealing the information protected under normal conditions by the SSL/TLS
encryption used to secure the internet. SSL/TLS provides communication security and privacy over the
internet for applications such as web, email, instant messaging (IM) and some virtual private networks
(VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected
by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the
service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
This allows attackers to eavesdrop on communications, steal data directly from the services and users and
to impersonate services and users.

CVE-2015-1635 HTTP.sys Remote Code Execution


Vulnerability
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE2015-1635 HTTP.sys Remote Code Execution Vulnerability. Open items are actively updated; please review this table frequently
for new details.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Product Type

Product Name

Networking

Brocade

VTL
Networking
Networking
Networking

BusTech
Cisco Systems
Emulex
Qlogic

Software

Application Protector

Software

Arkivio
Business Continuity
Manager

Software
Software

CA Integration Module

Software

Clinical Repository Karos

Software
Software
Software

Affected?

Vulnerable?

Version

More Information

Clinical Repository Visbion


Command Director
Compute Systems
Manager

Software

Data Instance Manager

Software

Data Protection Suite

Software
Software

Device Manager
Dual Active ID

Software

Dynamic Link Manager

Software
Software

Dynamic Replicator
e-Copy

Software

IT Operations Analyzer

Software

IT Operations Analyzer
Advance

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Product Type

Product Name

Software

IT Operations Director

Software

IT Operations
Integrator

Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

Software

Software

Storage Optimization
for MS SharePoint

Software

Vulnerable?

Version

More Information

IT Operations
Repository
LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel
Storage Navigator
Modular 2

Software

Affected?

No

No

Recommend customer patch OS


of management server, if
applicable (see Microsoft MS15034)

Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Storage Fabric Reporter


(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)

Software
Software
Software
Software
Software
Software
Software

StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN

Software

UCP Orchestration
Software

Software

Virtual Infrastructure
Integrator

Software

Virtual Tape Library


Diligent

VTL

Virtual Tape Library


FalconStor

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Product Type

Product Name

Software

VMware Adapters
Zone Allocation
Manager

Software

Systems

Adaptable Modular
Storage (AMS)

Systems

Adaptable Modular
Storage 2000

Systems

Capacity Optimization

File & Content

Affected?

No

Vulnerable?

Version

More Information

No

System does not contain


Windows OS.

No

No

System does not contain


Windows OS.

Content Platform (HCP)

No

No

File & Content

Content Platform
Anywhere (HCP-AW)

No

No

File & Content

HCP S Nodes

No

No

Systems

Data Discovery Suite

Systems

Data Discovery Suite


for MS SharePoint
HDI and HFSM do not use IIS7
where the vulnerability is found.
HDI and HFSM use Hitachi Web
Server for web services.

File & Content

Data Ingestor and


HNAS Platform F

No

No

If HFSM is installed in a windows


server where IIS7 is already
running, attacker can attack the
windows server through IIS7. In
this case please apply a patch or
workaround for the windows
server.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Product Type

Product Name

Affected?

Vulnerable?

Systems

Essential NAS Platform

No

No

Systems

Hitachi Universal
Storage VM

No

No

File & Content

HUS File Module

No

No

Systems

HyperStor

File & Content

NAS 3x00 (Titan)

No

No

File & Content

NAS 30x0 (Mercury)

No

No

File & Content

NAS 4000 Series

No

No

File & Content

SMU

No

No

No

No

No

No

Systems
Systems

Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)

Version

System does not contain


Windows OS.
System does not use affected
versions of Windows OS.
System does not contain
Windows OS.

Systems

UCP for Microsoft


Exchange

Yes

Yes

ALL

Systems

UCP Select for


Microsoft SQL Server

Yes

Yes

ALL

Systems

UCP Select for Oracle


Database

Yes

Yes

ALL

Yes

Yes

ALL

Yes

Yes

ALL

Yes

Yes

ALL

Systems
Systems

Systems

UCP Pro (UCP 4000 /


4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
UCP Select for SAP
HANA

More Information

System does not contain


Windows OS.
System does not contain
Windows OS.
System does not contain
Windows OS.
System does not contain
Windows OS.
System does not use affected
versions of Windows OS.
System does not contain
Windows OS.
Management Stack runs on
Windows Server, mitigation
under investigation.
Management Stack runs on
Windows Server, mitigation
under investigation.
Management Stack runs on
Windows Server, mitigation
under investigation.
Management Stack runs on
Windows Server, mitigation
under investigation.
Management Stack runs on
Windows Server, mitigation
under investigation.
Management Stack runs on
Windows Server, mitigation
under investigation.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Product Type

Product Name

Affected?

Vulnerable?

Version

Systems

UCP Select for VMware


View

Yes

Yes

ALL

Systems

UCP Select for VMware


vSphere

Yes

Yes

ALL

Systems

Unified Storage File


Module (HUS FM)

No

No

Systems

Unified Storage (HUS)

No

No

System does not contain


Windows OS.

Systems

Unified Storage VM
(HUS VM)

No

No

System does not use affected


versions of Windows OS.

Systems

Universal Storage
Platform V (USP V)

No

No

System does not use affected


versions of Windows OS.

Universal Storage
Platform VM (USP VM)

No

No

Hitachi Virtual Storage


Platform G1000 (VSP
G1000)

No

No

No

No

No

No

Systems

Systems

Systems
Systems

Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS

Other

Hi-Track Remote
Monitoring system

No

No

Other

Remote Access Control


Center (RACC)

No

No

More Information
Management Stack runs on
Windows Server, mitigation
under investigation.
Management Stack runs on
Windows Server, mitigation
under investigation.
System does not contain
Windows OS.

System does not use affected


versions of Windows OS.
SVP is Windows 7, however SVP
does not use IIS as a webserver so
unaffected. Regardless, patch
MS15-034 is forthcoming next
SVP Security Update CD (being
processed).
System does not use affected
versions of Windows OS.
System does not contain
Windows OS.
Recommend customer patch OS
of management server, if
applicable (see Microsoft MS15034)
Recommend customer patch OS
of management server, if
applicable (see Microsoft MS15034)

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability


The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE2015-0290 & CVE-2015-0291 Open SSL Vulnerability. Open items are actively updated; please review this table frequently for new
details.
(CVE-2015-0290/0291)

Product Type

Product Name

Networking

Brocade

VTL
Networking
Networking
Networking

BusTech
Cisco Systems
Emulex
Qlogic

Software

Application Protector

Software

Arkivio
Business Continuity
Manager

Software
Software

CA Integration Module

Software

Clinical Repository Karos

Software

Clinical Repository Visbion

Software
Software

Affected?

No

Vulnerable?

No

Version

FOS/NOS/BNA

More Information
http://www.brocade.com/service
s-support/driversdownloads/oscd/index.page?

Under vendor investigation 3/27


No

No

No

No

System does not implement


OpenSSL.

Command Director
Compute Systems
Manager

Software

Data Instance Manager

Software

Data Protection Suite

Software
Software

Device Manager
Dual Active ID

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-0290/0291)

Product Type

Product Name

Software

Dynamic Link Manager

Software
Software

Dynamic Replicator
e-Copy

Software

IT Operations Analyzer

Software

IT Operations Analyzer
Advance

Software

IT Operations Director

Software

IT Operations
Integrator

Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

Affected?

Vulnerable?

No

No

Version

More Information

IT Operations
Repository
LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel

Software

Storage Navigator
Modular 2

Software

Storage Optimization
for MS SharePoint

System does not implement


OpenSSL 1.0.2

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

10

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-0290/0291)

Product Type
Software

Product Name

Affected?

Vulnerable?

Version

More Information

Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)

Software

Storage Fabric Reporter


(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)

Software
Software
Software
Software
Software
Software
Software

StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN

Software

UCP Orchestration
Software

Software

Virtual Infrastructure
Integrator

Software

Virtual Tape Library


Diligent

VTL

Virtual Tape Library


FalconStor

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

11

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-0290/0291)

Product Type

Product Name

Software

VMware Adapters
Zone Allocation
Manager

Software

Systems

Adaptable Modular
Storage (AMS)

Systems

Adaptable Modular
Storage 2000

Systems

Capacity Optimization

File & Content

Affected?

No

Vulnerable?

Version

More Information

No

System does not implement


OpenSSL 1.0.2

No

No

System does not implement


OpenSSL 1.0.2

Content Platform (HCP)

No

No

All

File & Content

Content Platform
Anywhere (HCP-AW)

No

No

All

File & Content

HCP S Nodes

No

No

All

Systems

Data Discovery Suite

Systems

Data Discovery Suite


for MS SharePoint

File & Content

Data Ingestor and


HNAS Platform F

No

No

Product does not implement


OpenSSL 1.0.2

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

12

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-0290/0291)

Product Type

Product Name

Affected?

Vulnerable?

File & Content

Data Ingestor and


HNAS Platform F

No

No

Product does not implement


OpenSSL 1.0.2

Systems

Essential NAS Platform

Systems

Hitachi Universal
Storage VM

No

No

System does not implement


OpenSSL 1.0.2

File & Content

HUS File Module

Systems
File & Content
File & Content
File & Content
File & Content

HyperStor
NAS 3x00 (Titan)
NAS 30x0 (Mercury)
NAS 4000 Series
SMU
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
Microsoft SQL Server

No

No

No

No

Systems
Systems
Systems
Systems
Systems
Systems
Systems

Systems
Systems
Systems

Version

More Information

System does not implement


OpenSSL 1.0.2
System does not implement
OpenSSL 1.0.2

UCP Select for Oracle


Database
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
UCP Select for SAP
HANA
UCP Select for VMware
View
UCP Select for VMware
vSphere

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

13

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(CVE-2015-0290/0291)

Product Type

Product Name

Affected?

Vulnerable?

Systems

Unified Storage File


Module (HUS FM)

Systems

Unified Storage (HUS)

No

No

System does not implement


OpenSSL 1.0.2

Systems

Unified Storage VM
(HUS VM)

No

No

System does not implement


OpenSSL 1.0.2

Systems

Universal Storage
Platform V (USP V)

No

No

System does not implement


OpenSSL 1.0.2

No

No

System does not implement


OpenSSL 1.0.2

No

No

System does not implement


OpenSSL 1.0.2

No

No

No

No

Systems
Systems

Systems
Systems

Universal Storage
Platform VM (USP VM)
Hitachi Virtual Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS

Version

More Information

System does not implement


OpenSSL 1.0.2
System does not implement
OpenSSL 1.0.2

Other

Hi-Track Remote
Monitoring system

Under investigation

Other

Remote Access Control


Center (RACC)

Under investigation

CVE-2015-0204 FREAK: Security flaw in Open SSL 1.0x


The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as CVE-2015-0240 Samba. Open items are actively updated; please review this table frequently for
new details.
(FREAK)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

14

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(FREAK)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Networking

Brocade

FOS and
NOS not
affected

BNA 12.3.2
and lower.

12.3.2 and
lower if SSL is
turned on.

Upgrade to BNA 12.3.4 or higher.

VTL

BusTech

Networking

Cisco Systems

Yes

Yes

Bug # CSCus42713 has been


opened for this issue

Networking
Networking

Emulex
Qlogic

Yes

Firmware fix May 15 timeframe

Software

Application Protector

Software

Arkivio
Business Continuity
Manager

Software
Software

CA Integration Module

Software

Clinical Repository Karos

Software
Software
Software

Yes

Clinical Repository Visbion


Command Director
Compute Systems
Manager

Software

Data Instance Manager

Software

Data Protection Suite

Software
Software

Device Manager
Dual Active ID

Software

Dynamic Link Manager

Software
Software

Dynamic Replicator
e-Copy

Software

IT Operations Analyzer

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

15

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(FREAK)
Product Type

Product Name

Software

IT Operations Analyzer
Advance

Software

IT Operations Director

Software

IT Operations
Integrator

Software

IT Operations
Repository

Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

Storage Navigator
Modular 2

Software

Storage Optimization
for MS SharePoint

Software

Vulnerable?

No

No

Version

More Information

LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel

Software

Software

Affected?

Does not use the cipher of type


RSA-EXPORT

Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

16

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(FREAK)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Storage Fabric Reporter


(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)

Software
Software
Software
Software
Software
Software
Software

StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN

Software

UCP Orchestration
Software

Software

Virtual Infrastructure
Integrator

Software

Virtual Tape Library


Diligent

VTL

Virtual Tape Library


FalconStor

NO

NO

All

Only effects clients when a server


indicates the client needs to
downgrade the security session.
This does not affect the server.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

17

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(FREAK)
Product Type

Product Name

Software

VMware Adapters
Zone Allocation
Manager

Software

Systems

Adaptable Modular
Storage (AMS)

Systems

Adaptable Modular
Storage 2000

Systems

Capacity Optimization

Systems

File & Content

File & Content

File & Content

Affected?

No

No

Vulnerable?

Version

More Information

No

System is never SSL client

No

System is never SSL client

Compute Blade and Compute Rack Products

Content Platform (HCP)

Content Platform
Anywhere (HCP-AW)

HCP S Nodes

No

No

No

No

No

No

All

All

All

HCP does not use the affected


ciphers. HCP is not vulnerable.

HCP Anywhere does not use the


affected ciphers. HCP Anywhere
is not vulnerable.
HCP S Series is not vulnerable to
CVE-2015-0204. It does not
accept any of the cipher suites
that are vulnerable.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

18

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(FREAK)
Product Type

Product Name

Affected?

Vulnerable?

Systems

Data Discovery Suite

Systems

Data Discovery Suite


for MS SharePoint

File & Content

Data Ingestor and


HNAS Platform F

File & Content

Data Ingestor and


HNAS Platform F

Systems

Essential NAS Platform

Systems

Hitachi Universal
Storage VM

No

No

File & Content

HUS File Module

Yes

No

Systems
File & Content
File & Content
File & Content
File & Content

HyperStor
NAS 3x00 (Titan)
NAS 30x0 (Mercury)
NAS 4000 Series
SMU
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)

Yes
Yes
Yes
Yes

No
No
No
No

No

No

No

No

Systems
Systems

Version

More Information

Disable SSLv3 as per 81621

Disable SSLv3 as per 81621


Disable SSLv3 as per 81621
Disable SSLv3 as per 81621
Disable SSLv3 as per 81621

Systems

UCP for Microsoft


Exchange

NO

NO

ALL

Systems

UCP Select for


Microsoft SQL Server

NO

NO

ALL

Systems

UCP Select for Oracle


Database

NO

NO

ALL

Systems

UCP Pro (UCP 4000 /


4000e) for VMware
vSphere

NO

NO

ALL

Only effects clients when a server


indicates the client needs to
downgrade the security session.
This does not affect the server.
Only effects clients when a server
indicates the client needs to
downgrade the security session.
This does not affect the server.
Only effects clients when a server
indicates the client needs to
downgrade the security session.
This does not affect the server.
Only effects clients when a server
indicates the client needs to
downgrade the security session.
This does not affect the server.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

19

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(FREAK)
Product Type

Product Name

Systems

UCP Pro (UCP


4000/4000e) for
Microsoft Private Cloud

NO

NO

ALL

UCP Select for SAP


HANA

NO

NO

ALL

UCP Select for VMware


View

NO

NO

ALL

Systems

UCP Select for VMware


vSphere

NO

NO

ALL

Systems

Unified Storage File


Module (HUS FM)

Yes

No

Disable SSLv3 as per 81621

Systems

Unified Storage (HUS)

No

No

System is never SSL client

Systems

Unified Storage VM
(HUS VM)

No

No

Systems

Universal Storage
Platform V (USP V)

No

No

No

No

No

No

No

No

No

No

Systems

Systems

Systems
Systems

Systems
Systems

Universal Storage
Platform VM (USP VM)
Hitachi Virtual Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS

Affected?

Vulnerable?

Other

Hi-Track Remote
Monitoring system

No

No

Other

Remote Access Control


Center (RACC)

No

No

Version

More Information
Only effects clients when a server
indicates the client needs to
downgrade the security session.
This does not affect the server.
Only effects clients when a server
indicates the client needs to
downgrade the security session.
This does not affect the server.
Only effects clients when a server
indicates the client needs to
downgrade the security session.
This does not affect the server.
Only effects clients when a server
indicates the client needs to
downgrade the security session.
This does not affect the server.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

20

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

21

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

CVE-2015-0204 SAMBA: Security flaw in smbd file srvr daemon


The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as CVE-2015-0240 Samba. Open items are actively updated; please review this table frequently for
new details.
(SAMBA)
Product Type

Product Name

Affected?

Vulnerable?

Version

Networking
VTL
Networking
Networking
Networking

Brocade
BusTech
Cisco Systems
Emulex
Qlogic

No

No

FOS, NOS, BNA

Software

Application Protector

Software

Arkivio
Business Continuity
Manager

Software
Software

CA Integration Module

Software

Clinical Repository Karos

Software
Software
Software

Clinical Repository Visbion


Command Director
Compute Systems
Manager

Software

Data Instance Manager

Software

Data Protection Suite

Software
Software

Device Manager
Dual Active ID

Software

Dynamic Link Manager

Software
Software

Dynamic Replicator
e-Copy

More Information
Under investigation by vendor

No

No

No

No

Under investigation by vendor

Under investigation by vendor


Under investigation by vendor

Under investigation by vendor

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

22

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(SAMBA)
Product Type

Product Name

Software

IT Operations Analyzer

Software

IT Operations Analyzer
Advance

Software

IT Operations Director

Software

IT Operations
Integrator

Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

Storage Navigator
Modular 2

Software

Storage Optimization
for MS SharePoint

Software

Vulnerable?

IT Operations
Repository
LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel

Software

Software

Affected?

Version

More Information

Under investigation by vendor


Under investigation by vendor

No

No

SNM2 does not contain Linux OS.

Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

23

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(SAMBA)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Storage Capacity
Reporter (HSCR)
Storage Fabric Reporter
(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)

Software
Software
Software
Software
Software
Software
Software

StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN

Software

UCP Orchestration
Software

Software

Virtual Infrastructure
Integrator

Software

Virtual Tape Library


Diligent

VTL

Virtual Tape Library


FalconStor

Low attach rate. Working on


patch.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

24

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(SAMBA)
Product Type

Product Name

Software

VMware Adapters
Zone Allocation
Manager

Software

Systems

Adaptable Modular
Storage (AMS)

Systems

Adaptable Modular
Storage 2000

Systems

Capacity Optimization

Systems

Affected?

No

Vulnerable?

Version

More Information

No

Product does not contain Linux


OS

No

No

Product does not contain Linux


OS

Compute Blade 2000

No

No

N/A

Systems

Compute Blade 500

No

No

N/A

Systems

Compute Blade 320

No

No

N/A

Systems

Compute Rack
210H/220H/220S
Compute Rack 220

No

No

N/A

No

No

N/A

Systems

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

25

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(SAMBA)
Product Type

Product Name

File & Content

Content Platform (HCP)

File & Content

Content Platform
Anywhere (HCP-AW)

File & Content

HCP S Nodes

Systems

Data Discovery Suite

Systems

Data Discovery Suite


for MS SharePoint

File & Content

Data Ingestor and


HNAS Platform F

Systems

Essential NAS Platform

Systems

Affected?

Vulnerable?

Version

More Information
HCP 6.x and HCP 7.x systems
using the CIFS namespace
gateway with Active Directory
authentication are vulnerable. A
fix for this vulnerability will be
included in the 7.1.1 maintenance
release and a hotfix for 6.x will be
available by 3wwwww March
31st.
HCP Anywhere does not run
Samba and is not vulnerable
Under review.

All

HDI Engineering will include a fix


for this vulnerability in a
maintenance release 5.1.1-04.
Customers are encouraged to
upgrade to this release. The
maintenance release is expected
to be delivered to HDS on March
18, 2015.

Yes

Yes

Hitachi Universal
Storage VM

No

No

Product does not contain Linux


OS

File & Content

HUS File Module

No

No

Does not include Samba

Systems

HyperStor

File & Content

NAS 3x00 (Titan)

No

No

No LINUX

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

26

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(SAMBA)
Product Type

Product Name

Affected?

Vulnerable?

File & Content

NAS 30x0 (Mercury)

No

No

Does not include Samba

File & Content

NAS 4000 Series

No

No

Does not include Samba

File & Content

SMU

No

No

Does not include Samba

No

No

No

No

No

No

Systems
Systems
Systems
Systems
Systems
Systems
Systems

Systems

Systems
Systems
Systems

Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
Microsoft SQL Server
UCP Select for Oracle
Database
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
UCP Select for SAP
HANA

UCP Select for VMware


View
UCP Select for VMware
vSphere
Unified Storage File
Module (HUS FM)

Systems

Unified Storage (HUS)

No

No

Systems

Unified Storage VM
(HUS VM)

No

No

Version

More Information

Product does not contain Linux


OS
Product does not contain Linux
OS

Does not include Samba


Product does not contain Linux
OS
Product does not contain Linux
OS

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

27

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(SAMBA)
Product Type

Product Name

Affected?

Vulnerable?

Systems

Universal Storage
Platform V (USP V)

No

No

Product does not contain Linux


OS

No

No

Product does not contain Linux


OS

No

No

Product does not contain Linux


OS

No

No

No

No

No

No

No

No

Systems
Systems

Systems
Systems
Other
Other

Universal Storage
Platform VM (USP VM)
Hitachi Virtual Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS
Hi-Track Remote
Monitoring system
Remote Access Control
Center (RACC)

Version

More Information

Product does not contain Linux


OS
Product does not contain Linux
OS

RACC does not support Linux

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

28

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

CVE-2015-0235 GHOST: glibc gethostbyname

Buffer Overflow

The following table references Hitachi Data Systems products and solutions affected by the worldwide
security issue known as NTP. Open items are actively updated; please review this table frequently for new
details.
(GHOST)
Product Type

Product Name

Networking

Brocade

VTL

BusTech

Networking

Affected?

Vulnerable?

Version

No

No

FOS, NOS , BNA

Cisco Systems

Yes

Yes

NXOS v6.x, v5.x

Networking
Networking

Emulex
Qlogic

No

No

Software

Application Protector

Software

Arkivio
Business Continuity
Manager

Software

More Information
http://www.brocade.com/downl
oads/documents/technical_supp
ort_bulletins/brocadeassessment-gnu-c-library-sa.pdf
Vendor investigation 1/27/15
Bug CSCus68360 is fixed in
v5.2(8f) and 6.2(11b)

Vendor investigation 1/27/15


No

No

BCM does not utilize glibc

Software

CA Integration Module

Software

Clinical Repository Karos

Vendor investigation 1/27/15

Clinical Repository Visbion


Command Director

Vendor investigation 1/27/15

Software
Software
Software

Compute Systems
Manager

Software

Data Instance Manager

Software

Data Protection Suite

Yes

Yes

Fixed with
Service Pak 9

http://documentation.commvault
.com/commvault/v10/article?p=a
nnouncement/announcements.ht
m

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

29

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Software
Software

Device Manager
Dual Active ID

Software

Dynamic Link Manager

Software
Software

Dynamic Replicator
e-Copy

Software

IT Operations Analyzer

Software

IT Operations Analyzer
Advance

Software

IT Operations Director

Software

IT Operations
Integrator

Software

IT Operations
Repository

Software

LPAR

Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel

Software

Affected?

Vulnerable?

Version

More Information

Vendor investigation 1/27/15

Tbd

Tbd

Updated expected 3-Feb-14 for:


CB 2500, CB 2000, CB 500,
CB 320

Vendor investigation 1/27/15


Vendor investigation 1/27/15

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

30

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Software

Storage Navigator
Modular 2

No

No

Software

Storage Optimization
for MS SharePoint

No

No

Yes

Yes

Software

Affected?

Vulnerable?

Version

More Information
SNM2 does not contain Linux
OS/glibc. Recommend customer
upgrade to fixed OS/glibc and
then restart SNM2 service.

Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)

Software

Storage Fabric Reporter


(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)

Software
Software
Software
Software

StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager

Software

Tiered Storage
Manager for MF

Software
Software

Tuning Manager
TurboLUN

Software

UCP Orchestration
Software

Software

Virtual Infrastructure
Integrator

ALL

Under Investigation

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

31

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Software

Virtual Tape Library


Diligent

Affected?

Vulnerable?

Version

More Information

VTL

Virtual Tape Library


FalconStor

Software
Software

You can download the


patches from the
FalconStor Customer
Support Portal. updaterhel5x06 for CDP
update-rhel5x06 for NSS
update-rhel5x06 for
VTL/SIR
update-rhel5x06 for
VTL/SIR
update-rhel5x06 for
VTL/SIR
update-rhel5x06 for
VTL/SIR

VMware Adapters
Zone Allocation
Manager
No

Systems

Adaptable Modular
Storage (AMS)

Systems

Adaptable Modular
Storage 2000

Systems

Capacity Optimization

Systems

Compute Blade and Compute Rack Products

No

No

Product does not contain Linux


OS, nor glibc library

No

Product does not contain Linux


OS, nor glibc library

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

32

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

33

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

34

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

File & Content

File & Content

Product Name

Content Platform (HCP)

Content Platform
Anywhere (HCP-AW)

Affected?

Yes

Yes

Vulnerable?

No

No

Version

All

More Information

HCP is running impacted versions


of the glibc libraries, however the
vulnerability described in CVE2015-0235 is not exploitable via
any HCP gateways (SSH).
HCP Anywhere versions 1.3 and
earlier are running impacted
versions of the glibc libraries.
However the vulnerability
described in CVE-2015-0235 is
not exploitable via any HCP
Anywhere gateways. The glibc
libraries will be updated to the
latest non-impacted version in
the 2.0 release of HCP Anywhere
which is scheduled for GA on
March 6, 2015.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

35

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Affected?

Vulnerable?

Systems

Data Discovery Suite

Yes

Yes

Systems

Data Discovery Suite


for MS SharePoint

No

No

File & Content

Data Ingestor and


HNAS Platform F

Yes

Yes

Version

All

All versions
prior to
03-01-00-00

File & Content

Data Ingestor and


HNAS Platform F

Yes

No

03-01-00-00
and above

Systems

Essential NAS Platform

Yes

Yes

All

Systems

Hitachi Universal
Storage VM

No

No

File & Content

HUS File Module

Yes

No

Systems

HyperStor

More Information
HDDS does not use the
gethostbyname function of the
glibc, therefore under normal
operations of HDDS, it is not
affected. However, HDS and Red
Hat recommend the installation
of RHEL 6.2 as there is a security
update which should be applied.
"GHOST: glibc vulnerability (CVE2015-0235)
"https://access.redhat.com/articl
es/1332213
"glibc security update RHSA2015:0099"https://rhn.redhat.co
m/errata/RHSA-2015-0099.html

Yes. If the customer uses HDI


before 03-01-00-00, please
upgrade HDI before 03-01-00-00
to 03-01-00-00 or later.
03-01-00-00 and above versions
do not call any of the affected
gethostbyname functions and
FOS verifies the length of the
hostname and rejects processing
if the hostname variable is too
long.
No fix is currently planned.
Customers should contact their
Account team if a fix is required.
Product does not contain Linux
OS, nor glibc library
See Tech Bulletin - 82081

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

36

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Affected?

Vulnerable?

File & Content


File & Content
File & Content
File & Content

NAS 3x00 (Titan)


NAS 30x0 (Mercury)
NAS 4000 Series
SMU
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
Microsoft SQL Server

No
Yes
Yes
Yes

No
No
No
No

No

No

No

No

No

No

No

No

No

No

Yes

Yes

Fix currently being developed.


(1/28/15)

Yes

Yes

Fix currently being developed.


(1/28/15)

Yes

Yes

Systems
Systems
Systems
Systems
Systems
Systems
Systems

Systems
Systems

UCP Select for Oracle


Database
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
UCP Select for SAP
HANA

Version

More Information
No LINUX
See Tech Bulletin - 82081
See Tech Bulletin - 82081
See Tech Bulletin - 82081
Product does not contain Linux
OS, nor glibc library
Product does not contain Linux
OS, nor glibc library

SUSE Linux Enterprise 11 and


older products. Patches have
been released and can be found
at: This Link

UCP Select for VMware


View

No

No

Systems

UCP Select for VMware


vSphere

No

No

Systems

Unified Storage File


Module (HUS FM)

Yes

No

See Tech Bulletin - 82081

Systems

Unified Storage (HUS)

No

No

Product does not contain Linux


OS, nor glibc library

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

37

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(GHOST)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Systems

Unified Storage VM
(HUS VM)

No

No

Product does not contain Linux


OS, nor glibc library

No

No

Product does not contain Linux


OS, nor glibc library

No

No

Product does not contain Linux


OS, nor glibc library

No

No

Product does not contain Linux


OS, nor glibc library

No

No

No

No

Universal Storage
Platform V
Systems

(USP V)

Systems

Universal Storage
Platform VM (USP VM)
Hitachi Virtual Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS

Systems

Systems
Systems
Other

Hi-Track Remote
Monitoring system

No

No

Other

Remote Access Control


Center (RACC)

No

No

Product does not contain Linux


OS, nor glibc library
Product does not contain Linux
OS, nor glibc library

RACC does not support Linux

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

38

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

NTP (CVE-2014-9293 through CVE-2014-9296)


The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as NTP. Open items are actively updated; please review this table frequently for new details.
(NTP)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Networking

Brocade

No

No

FOS, NOS and


BNA.

NTP VU#852879 Vulnerability


Assessment for Brocade

VTL

BusTech

Networking

Cisco Systems

MDS products
are affected

Vendor investigation 1/8/15


Bug ID CSCus26870 fixed in NXOS
5.2(8f), 6.2(11b)

Networking

Emulex

Networking

Qlogic

Software

Application Protector

Software

Arkivio
Business Continuity
Manager

Software

Yes

Yes

No

No

Vendor investigation 1/8/15


No

No

Product does not utilize ntpd

Software

CA Integration Module

Software

Clinical Repository Karos

Vendor investigation 1/8/15

Clinical Repository Visbion


Command Director
Compute Systems
Manager

Vendor investigation 1/8/15

Software
Software
Software
Software

Data Discovery Suite


for MS SharePoint

Software

Data Instance Manager

Software

Data Protection Suite

Software
Software

Device Manager
Dual Active ID

Software

Dynamic Link Manager

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

39

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(NTP)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information
No dependency on NTP for
Scout.(only if you use it to sync
with a time server for sync.

Software

Dynamic Replicator

And you can get around these


security vulnerabilities by
updating the with latest NTP
RPMs
For RHEL, please look at :
https://rhn.redhat.com/errata/R
HSA-2014-2024.html

Software

e-Copy

File & Content

Extension Pack for


Secure FTP

Software

IT Operations Analyzer

Software

IT Operations Analyzer
Advance

Software

IT Operations Director

Software

IT Operations
Integrator

Software
Software
Software
Software
Software
Software
Software

IT Operations
Repository
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

40

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(NTP)
Product Type

Product Name

Software
Software
Software
Software
Software

Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10

Software

SpectraLogic

Software

Storage Adapter for


Petrel

Software

Storage Navigator
Modular 2

Software

Storage Optimization
for MS SharePoint

Software

Affected?

Vulnerable?

Yes

Low

No

No

Version

Verde

More Information

Vendor investigation 1/8/15


Tape not affected Disk low
impact, however Patch being
released. Fix in new version.

Product does not utilize ntpd

Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)

Software

Storage Fabric Reporter


(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)

Software
Software
Software
Software
Software

StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

41

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(NTP)
Product Type

Product Name

Software
Software

Tuning Manager
TurboLUN

Software

UCP Orchestration
Software

Software

Virtual Infrastructure
Integrator

Software

Virtual Tape Library


Diligent

VTL

Virtual Tape Library


FalconStor

Software
Software

Affected?

Vulnerable?

Version

Yes

Yes

All Versions

More Information

Affected. Working on patch for


current version, addressed in
future versions. 1-8-15

VMware Adapters
Zone Allocation
Manager

Systems

Adaptable Modular
Storage (AMS)

Systems

Adaptable Modular
Storage 2000

Systems

Capacity Optimization

No

No

No

Product does not utilize ntpd

No

Product does not utilize ntpd

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

42

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(NTP)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Compute Blade and Compute Rack Products


CVE-2014-9294 is not applicable to any product
CVE-2014-9296 is not applicable to any product

Systems

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

43

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(NTP)
Product Type

Product Name

File & Content

Content Platform (HCP)


and Content Platform
Anywhere (HCP-AW)

Systems

Data Discovery Suite

Systems

Data Discovery Suite


for MS SharePoint

Affected?

No

Vulnerable?

Version

More Information

No

External time servers connected


to HCP should be secure and
trusted servers that should be
updated to NTP 4.2.8 or greater

File & Content

Data Ingestor

No

No

System does not use Key


Authentication and discards
connection requests exploited by
vulnerability

Systems

Hitachi Universal
Storage VM

No

No

Product does not utilize ntpd

File & Content

HUS File Module

Yes

Systems
File & Content

HyperStor
NAS 3x00 (Titan)

No

File & Content

NAS 30x0 (Mercury)

Yes

File & Content

NAS 4000 Series

Yes

File & Content

SMU

Yes

No
Limited (no
Internet)
Limited (no
Internet)
Limited (no
Internet)

File & Content

NAS Platform F

No

No

Not a LINUX base, custom NTP


Fix will be available in 12.1MR
(TBD) in Feb 2015
Fix will be available in 12.1MR
(TBD) in Feb 2015
Fix will be available in SMU
12.1.3613.08, 12.2.3753.07 in Feb
2015
System does not use Key
Authentication and discards
connection requests exploited by
vulnerability

No

No

Product does not utilize ntpd

No

No

Product does not utilize ntpd

No

No

No

No

No

No

Systems
Systems
Systems
Systems
Systems

Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
Microsoft SQL Server
UCP Select for Oracle
Database

All GA
All GA
All GA

NTP issue is found in UCP


Director only.
NTP issue is found in UCP
Director only.
NTP issue is found in UCP
Director only.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

44

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(NTP)
Product Type
Systems
Systems

Systems
Systems

Product Name
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
UCP Select for SAP
HANA

Affected?

Vulnerable?

Yes

Yes

NTP issue is found in UCP


Director only.

No

No

NTP issue is found in UCP


Director only.

No

NTP issue is found in UCP


Director only.

No

Version

More Information

UCP Select for VMware


View

No

No

NTP issue is found in UCP


Director only.

Systems

UCP Select for VMware


vSphere

No

No

NTP issue is found in UCP


Director only.

Systems

Unified Storage File


Module (HUS FM)

Systems

Unified Storage (HUS)

No

No

Product does not utilize ntpd

Systems

Unified Storage VM
(HUS VM)

No

No

Product does not utilize ntpd

Universal Storage
Platform V

No

No

Product does not utilize ntpd

Systems

(USP V)

Systems

Universal Storage
Platform VM (USP VM)
Hitachi Virtual Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS

Systems

Systems
Systems

No
No

Product does not utilize ntpd

No

No

Product does not utilize ntpd

No

No

Product does not utilize ntpd

No

No

Product does not utilize ntpd

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

45

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(NTP)
Product Type

Product Name

Affected?

Vulnerable?

Other

Hi-Track Remote
Monitoring system

No

No

Other

Remote Access Control


Center (RACC)

No

No

Version

More Information

Poodle CVE-2014-3566
The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as Poodle. Open items are actively updated; please review this table frequently for new details.
(POODLE)
Product
Type

Product Name

Affected? Vulnerable? Version


Yes

Yes

FOS 6.x
FOS 7.x

Networking Cisco Systems

Yes

Yes

NX-OS
5.x; 6.x

Networking Emulex

No

No

Networking Brocade
VTL

BusTech

Networking Qlogic

Yes

Software

Application Protector

Software

Arkivio

Software

Business Continuity
Manager

Software

CA Integration
Module

Yes

Yes

No

8.0.14.12
and
below

All

More Information
Fix issued in the following FOS releases:
6.4.3g; 7.02f; 7.1.2c; 7.2.1d; 7.3.0c
Under Investigation as of 10-16
Fixed in the following NXOS releases: 5.2(8e),
6.2(9a) and 6.2(11b)
Fixed in firmware 8.0.14.13.00

Under Investigation as of 10-16


BCM does not use SSL, but IBM HTTP Server
(HIS) uses SSL communications between BCM
and HRpM. IBM recommends disabling SSL v3.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

46

L a s t
(POODLE)
Product
Type
Software
Software
Software

M o d i f i e d : 7 - M a y

2 0 1 5

Product Name

Affected? Vulnerable? Version

More Information

Clinical Repository Karos

Yes

Has statement.

Clinical Repository Visbion


Command Director

No

Low

Under Investigation as of 10-16

No
Yes

Need to disable SSL v3 on server side and use


other secure communication method with
client side.

Yes

Need to disable SSL v3 on server side and use


other secure communication method with
client side.

Software

Compute Systems
Manager

Software

Data Discovery Suite


for MS SharePoint

Software

Data Instance
Manager

Software

Data Protection Suite

Software

Device Manager

Software

Dual Active ID

Software

Dynamic Link
Manager

Software
Software

Dynamic Replicator
e-Copy

File &
Content

Extension Pack for


Secure FTP

Software

IT Operations
Analyzer

Yes

Software

IT Operations
Analyzer Advance

Yes

Software

IT Operations Director

Yes

No

Need to disable SSL v3 on server side and use


other secure communication method with
client side.
Under Investigation as of 10-16.

Need to disable SSL v3 on server side and use


other secure communication method with
client side.
Need to disable SSL v3 on server side and use
other secure communication method with
client side.
Need to disable SSL v3 on server side and use
other secure communication method with
client side.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

47

L a s t
(POODLE)
Product
Type

M o d i f i e d : 7 - M a y

Product Name

Affected? Vulnerable? Version

Software

IT Operations
Integrator

No

Software

IT Operations
Repository

No

Software
Software
Software
Software
Software

Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager

Software

Replication Manager

Software
Software
Software
Software
Software
Software

Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel

Software

Software

Storage Navigator
Modular 2

Software

Storage Optimization
for MS SharePoint

Software
Software

2 0 1 5

More Information
Need to disable SSL v3 on server side and use
other secure communication method with
client side.
Need to disable SSL v3 on server side and use
other secure communication method with
client side.

Need to disable SSL v3 on server side and use


other secure communication method with
client side.

Yes

Under Investigation as of 10-16

No
Under Investigation as of 10-16

Yes

Low Risk

V4 and
above for
DF850
V21 and
above for
DF800

SNM2 GUI is affected (NOT CLI, NOT API). Fix


schedule TBD, Alert pending. Suggest
disabling SSL v3 in web browser for interim

Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

48

L a s t
(POODLE)
Product
Type

M o d i f i e d : 7 - M a y

Product Name

Affected? Vulnerable? Version

2 0 1 5

More Information

Storage Capacity
Reporter (HSCR)
Storage Fabric
Reporter (HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)

Software

StorFirst Apollo
Streaming Data
Platform
Symantec Adapters

No

Software

Tiered Storage
Manager

Yes

Need to disable SSL v3 on server side and use


other secure communication method with
client side.

Software

Tiered Storage
Manager for MF

Software

Tuning Manager

Yes

Need to disable SSL v3 on server side and use


other secure communication method with
client side.

Software

TurboLUN

Software

UCP Orchestration
Software

Software

Virtual Infrastructure
Integrator

Software

Virtual Tape Library


Diligent

VTL

Virtual Tape Library


FalconStor

Software

VMware Adapters

Software
Software

Not
affected

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

49

L a s t
(POODLE)
Product
Type

M o d i f i e d : 7 - M a y

Product Name

Affected? Vulnerable? Version

Software

Zone Allocation
Manager

Systems

Adaptable/Workgroup Not
affected
Modular Storage
(AMS/WMS)

Systems

Adaptable Modular
Storage 2000

Systems

Capacity Optimization

Systems
Systems
Systems

Compute Blade 2000


Compute Blade 500
Compute Blade 320
Compute Rack
210H/220H/220S
Compute Rack 220
Content Platform
(HCP) and Content
Platform Anywhere
(HCP-AW)
Data Discovery Suite
Data Discovery Suite
for MS SharePoint

Systems
Systems
File &
Content
Systems
Systems
File &
Content

Data Ingestor

File &
Content

High-performance
NAS Platform

Systems

Hitachi Universal
Storage VM

File &
Content
Systems
File &
Content

2 0 1 5

Yes

Low Risk

V04 and
later

More Information

082030

081645

Yes

Low Risk

All

Fix schedule TBD

Yes

Low Risk

All

81729

YES

Low Risk

Release
8.x

HUS File Module


HyperStor
NAS 3x00 (Titan)

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

50

L a s t
(POODLE)
Product
Type
File &
Content
File &
Content
File &
Content
File &
Content
Systems
Systems
File &
Content
Systems
Systems
Systems
Systems
Systems
Systems

Systems
Systems
Systems

M o d i f i e d : 7 - M a y

2 0 1 5

Product Name

Affected? Vulnerable? Version

NAS 30x0 (Mercury)

YES

Low Risk

NAS 4000 Series

YES

Low Risk

SMU

YES

Low Risk

NAS Platform F

Yes

Low Risk

All

Fix schedule TBD

Low Risk

V04 and
later

Fix schedule TBD, Alert pending

Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)

More Information

Prior to
12.1
Prior to
12.1
Prior to
12.2

TBD
Yes

Titan
UCP for Microsoft
Exchange
UCP for Microsoft SQL
Server
UCP for Oracle
Database
UCP Pro for VMware
vSphere
UCP Pro for VMware
vSphere
UCP Select for Citrix
XenDesktop
UCP Pro for VMware
vSphere
UCP Select for Citrix
XenDesktop
UCP Select for
Microsoft Private
Cloud

Systems

UCP Select for Oracle

Systems

UCP Select for SAP


HANA

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

51

L a s t
(POODLE)
Product
Type
Systems
Systems

Systems
Systems
Systems

M o d i f i e d : 7 - M a y

Product Name

Unified Storage (HUS)

File &
Content

Unified Storage File


Module (HUS FM)

Systems

Unified Storage VM
(HUS VM)

Systems

More Information

Yes

Low Risk

All

082030

Yes

Low Risk

All

81729

All

81729

Yes

Low Risk

Yes

Low Risk

All

81729

Yes

Low Risk

All

Only SMI-S is affected (SN/SVP not affected),


81729

All

81729

Universal Storage
Platform V
(USP V)

Systems

Affected? Vulnerable? Version

UCP Select for SAP


HANA
UCP Select for
VMware View
UCP Select for SAP
HANA
UCP Select for
VMware View
UCP Select for
VMware vSphere

Systems

Systems

2 0 1 5

Universal Storage
Platform VM (USP
VM)
Hitachi Virtual Storage
Platform G1000 (VSP
G1000)

Systems

Virtual Storage
Platform (VSP)

Yes

Low Risk

Other

Hi-Track Remote
Monitoring system

No

No

Other

Remote Access
Control Center (RACC)

No

No

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

52

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

53

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

Shellshock CVE-2014-6271
The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as Shellshock. Open items are actively updated; please review this table frequently for new details.
(Shellshock)
Product Type

Product Name

Affected?

Vulnerable?

Version

More Information

Networking

Brocade

Yes

Yes

FOS 6.x, 7.x

VTL
Networking

BusTech
Cisco Systems

TBD
Yes

Yes

NXOS 5.x;
6.x

Fixed in FOS 6.4.3g; 7.1.2b; 7.2.1d;


7.3.0b
Under investigation
Fixed in NXOS 5.2(8e); 6.2(9a)

Networking
Networking
Networking

Ctera
Emulex
Qlogic

No
No
Yes

No
Yes

Software

Application
Protector
Arkivio
Business
Continuity
Manager
CA Integration
Module
Clinical
Repository Karos
Clinical
Repository Visbion
Command
Director
Compute
Systems
Manager
Data Discovery
Suite for MS
SharePoint
Data Instance
Manager
Data Protection
Suite

TBD

Software
Software

Software
Software

Software

Software
Software

Software

Software
Software

TBD
TBD

8.0.14.12
and below

Fixed in firmware 8.0.14.13.00

Under investigation

TBD
No

No

No
No

TBD

TBD
TBD

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

54

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(Shellshock)
Product Type

Product Name

Affected?

Software
Software
Software

Device Manager
Dual Active ID
Dynamic Link
Manager
Dynamic
Replicator
e-Copy
Extension Pack
for Secure FTP
IT Operations
Analyzer
IT Operations
Analyzer
Advance
IT Operations
Director
IT Operations
Integrator
IT Operations
Repository
Microsoft
Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection
Manager
Replication
Manager
Replication
Monitor
SAP Adapters
Sepaton
Server
Conductor
Seven10
SpectraLogic
Storage Adapter
for Petrel

No
TBD
No

Software
Software
File & Content
Software
Software

Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

Vulnerable?

No
TBD
Yes

Version

More Information

Under investigation

No

Alert #81524

TBD
TBD

TBD
TBD
TBD
TBD
TBD
TBD
TBD
No
No
No
TBD
TBD
TBD
No
TBD
TBD

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

55

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(Shellshock)
Product Type

Product Name

Affected?

Vulnerable?

Software

Storage
Navigator
Modular 2
Storage
Optimization for
MS SharePoint
Storage Services
Manager
Storage Viewer
Suite

No

No

Software

Software
Software

Version

More Information
81554

TBD

TBD
No

Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
Storage Fabric
Reporter (HSFR)
Virtual Server
Reporter (HVSR)
File Analytics
Reporter (HFAR)

Software
Software
Software
Software
Software
Software
Software

StorFirst Apollo
Streaming Data
Platform
Symantec
Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN

No
TBD
TBD
No
No
No
TBD

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

56

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(Shellshock)
Product Type

Product Name

Affected?

Vulnerable?

Software

UCP
Orchestration
Software

Yes

Yes

Version

More Information
If you are using versions of Bash in
operating systems based on SUSE
Linux Enterprise 9, 10 or 11, your
servers are potentially at risk. If
your systems are compromised, we
recommend that you patch your
systems right away.
Follow this link for the security
update from SUSE:

https://www.suse.com/support/up
date/announcement/2014/susesu-20141247-1.html
Software

Software
VTL

Software
Software
Systems

Systems

Systems
Systems
Systems
Systems

Virtual
Infrastructure
Integrator
Virtual Tape
Library Diligent
Virtual Tape
Library
FalconStor
VMware
Adapters
Zone Allocation
Manager
Adaptable
Modular
Storage (AMS)
Adaptable
Modular
Storage 2000
Capacity
Optimization
Compute Blade
2000
Compute Blade
500
Compute Blade
320

TBD

TBD
Yes

Yes

Current

Patch is available on
falconstore.com

TBD
TBD
No

81554

No

81554

No
No

TBD
No

No

N/A

No

No

N/A

No

No

N/A

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

57

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(Shellshock)
Product Type

Product Name

Affected?

Vulnerable?

Version

Systems

Compute Rack
210H/220H/220
S
Compute Rack
220
Content
Platform (HCP)
and Content
Platform
Anywhere (HCPAW)
Data Discovery
Suite
Data Discovery
Suite for MS
SharePoint
Data Ingestor

No

No

N/A

No

No

N/A

No

No

All

No

Dependent

Yes

No

Highperformance
NAS Platform
Hitachi
Universal
Storage VM
HUS File
Module
HyperStor
Mercury
NAS 4000 Series
NAS Platform
NAS Platform F
Network
Storage
Controller
(NSC55)
Simple Modular
Storage (SMS)
Titan

Yes

No

Alert #81511

No

No

81554

Yes

No

Alert #81511

TBD
Yes
Yes
Yes
Yes
No

No
No
No
No
No

Alert #81511
Alert #81511
Alert #81511
Alert #81528
81554

No

No

81554

Yes

No

Alert #81511

Systems
File & Content

Systems
Systems

File & Content


File & Content

Systems

File & Content


Systems
File & Content
File & Content
File & Content
File & Content
Systems

Systems
File & Content

More Information

Alert #81528

Customer responsible to patch Red


Hat Linux installation

No

All

Alert #81520

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

58

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(Shellshock)
Product Type

Product Name

Affected?

Vulnerable?

Systems

UCP for
Microsoft
Exchange
UCP for
Microsoft SQL
Server
UCP for Oracle
Database
UCP Pro for
VMware
vSphere
UCP Select for
Citrix
XenDesktop
UCP Select for
Microsoft
Private Cloud
UCP Select for
Oracle
UCP Select for
SAP HANA

No

No

No

No

No

No

Yes

Yes

No

No

No

No

No

No

Yes

Yes

Systems

Systems
Systems

Systems

Systems

Systems
Systems

Version

More Information

Under investigation

SUSE Linux
Enterprise
9, 10, 11

If you are using versions of Bash in


operating systems based on SUSE
Linux Enterprise 9, 10 or 11, your
servers are potentially at risk. If
your systems are compromised, we
recommend that you patch your
systems right away.
Follow this link for the security
update from SUSE:

https://www.suse.com/support/up
date/announcement/2014/susesu-20141247-1.html
Systems
Systems

Systems

UCP Select for


VMware View
UCP Select for
VMware
vSphere
Unified Storage
(HUS)

No

No

No

No

No

No

81554

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

59

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

(Shellshock)
Product Type

Product Name

Affected?

Vulnerable?

File & Content

Unified Storage
File Module
(HUS FM)
Unified Storage
VM (HUS VM)
Universal
Storage
Platform V
(USP V)
Universal
Storage
Platform VM
(USP VM)
Hitachi Virtual
Storage
Platform G1000
(VSP G1000)
Virtual Storage
Platform (VSP)
Workgroup
Modular
Storage WMS
Hi-Track
Remote
Monitoring
system
Remote Access
Control Center
(RACC)

Yes

No

81511

No

No

81554

No

No

81554

No

No

81554

No

No

81554

No

No

81554

No

No

81554

No

No

No

No

Systems
Systems

Systems

Systems

Systems
Systems

Other

Other

Version

More Information

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

60

L a s t

M o d i f i e d : 7 - M a y

2 0 1 5

OpenSSL Heartbleed
The following table references Hitachi Data Systems products and accessories affected by the worldwide security issue
known as OpenSSL Heartbleed. Open items are actively updated; please review this table frequently for new details.
(Heartbleed)
Product Type
Networking
Networking
Networking
Networking

Networking
Networking
Networking
Networking
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

Product Name
Asempra
Brocade
BusTech
Ciena

Cisco Systems
Ctera
Emulex
Qlogic
Application Protector
Arkivio
Business Continuity Manager
CA Integration Module
Clinical Repository - Karos
Clinical Repository - Visbion
Command Director
Compute Systems Manager
Data Discovery Suite for MS
SharePoint
Data Instance Manager
Data Protection Suite
Device Manager
Dual Active ID
Dynamic Link Manager
Dynamic Replicator
e-Copy
Extension Pack for Secure FTP
IT Operations Analyzer
IT Operations Analyzer Advance
IT Operations Director
IT Operations Integrator
IT Operations Repository
Microsoft Adapters
NanoCopy

Affected?
No
No
No
No

Version
FOS, NOS, BNA

See Cisco.com.
Advisory ID: cisco-sa-20140409heartbleed

No
No
No
No
No
No

No
Yes
No
No

More Information

v1, v2

680669

All

Patch Available April 14, 2014

No
No
No
No
No

Yes
No
No
No
No
No
No

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

61

L a s t
(Heartbleed)
Product Type
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software

M o d i f i e d : 7 - M a y

Product Name
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for Petrel
Storage Navigator Modular 2
Storage Optimization for MS
SharePoint
Storage Services Manager
Storage Viewer Suite

Affected?
No

2 0 1 5

Version

More Information

No
No
No
No
No
No
No
No

No

Backup Services Manager (HBSM)


Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)

Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Systems
Systems
Systems
Systems
Systems
Systems

StorFirst Apollo
Streaming Data Platform
Symantec Adapters
Tiered Storage Manager
Tiered Storage Manager for MF
Tuning Manager
TurboLUN
UCP Orchestration Software
Virtual Infrastructure Integrator
Virtual Tape Library Diligent
Virtual Tape Library FalconStor
VMware Adapters
Zone Allocation Manager
5700 Series
5800 Series
7000 Series
9200 Series
9500 V Series
9900 Series

No
No
No
No
Yes
No
No
No
No

2.x, 3.x

080667

No
No
No
No
No
No

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

62

L a s t
(Heartbleed)
Product Type
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems

M o d i f i e d : 7 - M a y

Product Name
9900 V Series
Adaptable Modular Storage
(AMS)
Adaptable Modular Storage 2000
Capacity Optimization
Compute Blade 2000
Compute Blade 500
Compute Blade 320
Compute Rack 210H/220H/220S
Compute Rack 220
Content Archive Platform
Content Platform (HCP)
Content Platform Anywhere
(HCP-AW)
Data Discovery Suite
Data Discovery Suite for MS
SharePoint
Data Ingestor
Essential NAS Platform
High-performance NAS Platform
Hitachi Universal Storage VM
HUS File Module
HyperStor
Mercury
NAS 4000 Series
NAS Platform
NAS Platform F
Network Storage Controller
(NSC55)
Simple Modular Storage (SMS)
Titan
UCP for Microsoft Exchange
UCP for Microsoft SQL Server
UCP for Oracle Database
UCP Pro for VMware vSphere
UCP Select for Citrix XenDesktop
UCP Select for Microsoft Private
Cloud
UCP Select for Oracle
UCP Select for SAP HANA

Affected?
No

2 0 1 5

Version

More Information

No
No
Yes
Yes
No
Yes
No
No
No

080852
080850
080854

No
No
No
No
No
No
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
Yes
No
No
No
Yes

11.1.3200.00 +

080654

11.1.3200.00 +
11.1.3200.00 +
11.1.3200.00 +

080654
080654
080654

080667

Scale-Out solutions use HNAS.

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

63

L a s t
(Heartbleed)
Product Type

M o d i f i e d : 7 - M a y

Systems

UCP Select for VMware View

Yes

VMware 5.5

Systems
Systems

UCP Select for VMware vSphere


Unified Storage (HUS)
Unified Storage File Module (HUS
FM)
Unified Storage VM (HUS VM)
Universal Storage Platform V
(USP V)
Universal Storage Platform VM
(USP VM)
Hitachi Virtual Storage Platform
G1000 (VSP G1000)
Virtual Storage Platform (VSP)
Workgroup Modular Storage
WMS
Hi-Track Remote Monitoring
system
Remote Access Control Center
(RACC)

Yes
No

VMware 5.5

More Information
Please refer to HNAS product for
resolution. 080654
See VMware.com; No for
VMware 5.1
See VMware.com; No for
VMware 5.1

Yes
Yes

11.1.3200.00 +
OSS V03

080654
080650

OSS V01
OSS V06

080650
080650

Systems
Systems
Systems
Systems
Systems
Systems
Systems
Other
Other

Product Name

Affected?

2 0 1 5

Version

No
No
Yes
Yes
No
No
No

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

64