December 28, 2021
Hitachi, Ltd. IT Platform Products Management Division
Hitachi Disk Array Systems have the following vulnerability.
Hitachi-sec-2021-315
CVE-2021-44228 | Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.
The following table shows the affected products.
Product Name | Hitachi Virtual Storage Platform E390, E390H, E590, E590H, E790, E790H, E990 |
---|---|
Software Name |
|
Software Version |
|
Product Name |
Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900 Hitachi Virtual Storage Platform F350, F370, F700, F900 |
---|---|
Software Name |
|
Software Version |
|
Product Name |
Hitachi Virtual Storage Platform G100, G200, G400, G600, G800 Hitachi Virtual Storage Platform F400, F600, F800 Hitachi Virtual Storage Platform N400, N600, N800 |
---|---|
Software Name | SVP software (Storage Navigator) |
Software Version | SVP software: 83-05-42-00/00 and later, 83-06-11-00/00 and later |
Software update will be released.
(a)SVP Software (Storage Navigator)
Do one of the followings:
Note: If applying ii or iii, the following restrictions will apply:
Note: If applying iii, you must reboot SVP before using Storage Navigator again. After you finish using Storage Navigator, or if SVP is rebooted unintentionally, stop Storage Navigator and related services again.
(b)Export Tool 2
Do one of the followings:
Note: Export Tool2 is not bundled for Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, F400, F600, F800.
Please refer to the Security Update Guide about the vulnerabilities