October 5, 2022
Hitachi, Ltd. IT Platform Products Management Division
Hitachi Disk Array Systems have the following vulnerability.
Hitachi-sec-2022-310
CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability
CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability
CVE-2022-30170 | Windows Credential Roaming Service Elevation of Privilege Vulnerability
CVE-2022-30196 | Windows Secure Channel Denial of Service Vulnerability
CVE-2022-30200 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2022-34718 | Windows TCP/IP Remote Code Execution Vulnerability
CVE-2022-34719 | Windows Distributed File System (DFS) Elevation of Privilege Vulnerability
CVE-2022-34720 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
CVE-2022-34721 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
CVE-2022-34722 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
CVE-2022-34725 | Windows ALPC Elevation of Privilege Vulnerability
CVE-2022-34726 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34727 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34728 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-34729 | Windows GDI Elevation of Privilege Vulnerability
CVE-2022-34730 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34731 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-34732 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-34733 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-34734 | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-35803 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-35831 | Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2022-35832 | Windows Event Tracing Denial of Service Vulnerability
CVE-2022-35833 | Windows Secure Channel Denial of Service Vulnerability
CVE-2022-35834 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35835 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35836 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35837 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-35840 | Microsoft OLE DB Provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-35841 | Windows Enterprise App Management Service Remote Code Execution Vulnerability
CVE-2022-37954 | DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2022-37955 | Windows Group Policy Elevation of Privilege Vulnerability
CVE-2022-37956 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37957 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Information Disclosure Vulnerability
CVE-2022-37969 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-38004 | Windows Fax Service Remote Code Execution Vulnerability
CVE-2022-38005 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-38006 | Windows Graphics Component Information Disclosure Vulnerability
The following table shows the affected products.
Product Name |
Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H |
---|---|
Vulnerability ID |
CVE-2022-26928, CVE-2022-26929, CVE-2022-30170, CVE-2022-30196, CVE-2022-30200, CVE-2022-34718, CVE-2022-34719, CVE-2022-34720, CVE-2022-34721, CVE-2022-34722, CVE-2022-34725, CVE-2022-34726, CVE-2022-34727, CVE-2022-34728, CVE-2022-34729, CVE-2022-34730, CVE-2022-34731, CVE-2022-34732, CVE-2022-34733, CVE-2022-34734, CVE-2022-35803, CVE-2022-35831, CVE-2022-35832, CVE-2022-35833, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35837, CVE-2022-35840, CVE-2022-35841, CVE-2022-37954, CVE-2022-37955, CVE-2022-37956, CVE-2022-37957, CVE-2022-37958, CVE-2022-37969, CVE-2022-38004, CVE-2022-38005, CVE-2022-38006 |
Product Name |
Hitachi Virtual Storage Platform G1000, G1500 Hitachi Virtual Storage Platform F1500 Hitachi Virtual Storage Platform VX7 |
---|---|
Vulnerability ID |
CVE-2022-26928, CVE-2022-30170, CVE-2022-30200, CVE-2022-34718, CVE-2022-34719, CVE-2022-34720, CVE-2022-34721, CVE-2022-34722, CVE-2022-34725, CVE-2022-34726, CVE-2022-34727, CVE-2022-34728, CVE-2022-34729, CVE-2022-34730, CVE-2022-34731, CVE-2022-34732, CVE-2022-34733, CVE-2022-34734, CVE-2022-35803, CVE-2022-35831, CVE-2022-35832, CVE-2022-35833, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35837, CVE-2022-35840, CVE-2022-35841, CVE-2022-37955, CVE-2022-37956, CVE-2022-37958, CVE-2022-37969, CVE-2022-38004, CVE-2022-38005, CVE-2022-38006 |
The following products are not affected by the vulnerabilities:
Please refer to the Security Update Guide (Microsoft) about the vulnerabilities.