Cust Letter Shellshock Hitachi

L a s t
M o d i f i e d : 7 - M a y
2 0 1 5
Hitachi Data Systems Product Affectivity

for Worldwide Security Vulnerabilities
Hitachi Data Systems continuously strives to provide you with the highest quality products and solutions. We
take this responsibility very seriously. To this end, we constantly monitor our quality control and storage
system test processes to ensure that our products are secure and operating at peak performance.
When worldwide security vulnerabilities are identified, our Product Engineering and Global Security teams
review with our vendors any potential security threats that the vulnerability may pose within Hitachi Data
Systems product and solution offerings. At the completion of the assessment Hitachi Data Systems releases
product statements describing any exposure our customers may have to this issue. Our engineering teams
prepare circumvention and software fixes for any product affected to ensure that you are protected.
A list of worldwide security vulnerabilities is included in the table below. Click the name of the vulnerability to
view Hitachi Data Systems product affectivity matrix for that issue.
Security
Vulnerability
Description
CVE-2015-1635
HTTP.sys Remote
Code Execution
Vulnerability
CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability: HTTP.sys in Microsoft Windows

7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2
allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code
Execution Vulnerability."
April 22, 2015
CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability: The multi-block feature in the
CVE-2015-0290 &
CVE-2015-0291 Open ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI
support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a
SSL Vulnerability
denial of service (pointer corruption and application crash) via unspecified vectors.
March 30, 2015
FREAK vulnerability
(CVE-2015-0204)
March 4,2015
SAMBA
CVE-2015-0240
February 23, 2015
CVE-2015-0204-FREAK: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0

before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA
downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a
noncompliant role.
CVE-2015-0240-Samba: is a security flaw in the smbd file server daemon. It can be exploited by a malicious
Samba client by sending specially-crafted packets to the Samba server. No authentication is required to
exploit this flaw. It can result in remotely controlled execution of arbitrary code as root.
Hitachi Data Systems | Security Vulnerabilities and Product Affectivity
L a s t
Security
Vulnerability
2 0 1 5
Description
CVE-2015-0235 -GHOST is a 'buffer overflow' Linux bug affecting the gethostbyname() and
gethostbyname2() function calls in the glibc library. This vulnerability in Linux allows a remote attacker
that is able to make an application call to either of these functions to execute arbitrary code with the
permissions of the user running the application.
GHOST
(CVE-2015-0235)
January 27, 2015
NTP
(CVE-2014-9293
through CVE-20149296)
Network Time Protocol (NTP) Vulnerability (CVE-2014-9293 through CVE-2014-9296): A remote attacker
can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to
be executed with the privilege level of the ntpd process.
December 22, 2014

Padding Oracle On Downgraded Legacy Encryption (POODLE): An attacker who acts as man-in-the-middle
can force the SSL/TLS protocol to downgrade to version 3.0 if the attacked application supports this old SSL
version. This legacy protocol is not secure. Depending on the application, it may be possible for an
adversary to mount attacks that can lead to disclosure of secret data such as passwords or HTTP cookies.
POODLE
CVE-2014-3566
September 2014
Shellshock CVE-2014-6271 (and the related issues CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE2014-6277, and CVE-2014-6278): This vulnerability affects UNIX-based Bash (Bourne shell) and has the
potential to arbitrarily execute code within UNIX environments. Some native services and applications may
allow remote unauthenticated attackers to provide environment variables and exploit this issue.
Shellshock
CVE-2014-6271
September 24, 2014
OpenSSL Heartbleed
April 2014
OpenSSL Heartbleed: This is a serious vulnerability in the popular OpenSSL cryptographic software library.
This weakness allows stealing the information protected under normal conditions by the SSL/TLS
encryption used to secure the internet. SSL/TLS provides communication security and privacy over the
internet for applications such as web, email, instant messaging (IM) and some virtual private networks
(VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected
by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the
service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
This allows attackers to eavesdrop on communications, steal data directly from the services and users and
to impersonate services and users.
CVE-2015-1635 HTTP.sys Remote Code Execution

Vulnerability
The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE2015-1635 HTTP.sys Remote Code Execution Vulnerability. Open items are actively updated; please review this table frequently
for new details.
L a s t
2 0 1 5
(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability
Product Type
Product Name
Networking
Brocade
VTL
Networking
Networking
Networking
BusTech
Cisco Systems
Emulex
Qlogic
Software
Application Protector
Software
Arkivio
Business Continuity
Manager
Software
Software
CA Integration Module
Software
Clinical Repository Karos
Software
Software
Software
Affected?
Vulnerable?
Version
More Information
Clinical Repository Visbion

Command Director
Compute Systems
Manager
Software
Data Instance Manager
Software
Data Protection Suite
Software
Software
Device Manager
Dual Active ID
Software
Dynamic Link Manager
Software
Software
Dynamic Replicator
e-Copy
Software
IT Operations Analyzer
Software
Advance
L a s t
2 0 1 5
Product Type
Product Name
Software
IT Operations Director
Software
IT Operations
Integrator
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Storage Optimization
for MS SharePoint
Software
Vulnerable?
Version
More Information
IT Operations
Repository
LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel
Storage Navigator
Modular 2
Software
Affected?
No
No
Recommend customer patch OS

of management server, if
applicable (see Microsoft MS15034)
Storage Services
Manager
Storage Viewer Suite
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
L a s t
2 0 1 5
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
Storage Fabric Reporter

(HSFR)
Virtual Server Reporter
(HVSR)
File Analytics Reporter
(HFAR)
Software
Software
Software
Software
Software
Software
Software
StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN
Software
UCP Orchestration
Software
Software
Virtual Infrastructure
Integrator
Software
Virtual Tape Library

Diligent
VTL

FalconStor
L a s t
2 0 1 5
Product Type
Product Name
Software
VMware Adapters
Zone Allocation
Manager
Software
Systems
Adaptable Modular
Storage (AMS)
Systems
Adaptable Modular
Storage 2000
Systems
Capacity Optimization
File & Content
Affected?
No
Vulnerable?
Version
More Information
No
System does not contain

Windows OS.
No
No

Windows OS.
Content Platform (HCP)
No
No
File & Content
Content Platform
Anywhere (HCP-AW)
No
No
File & Content
HCP S Nodes
No
No
Systems
Data Discovery Suite
Systems

for MS SharePoint
HDI and HFSM do not use IIS7
where the vulnerability is found.
HDI and HFSM use Hitachi Web
Server for web services.
File & Content
Data Ingestor and

HNAS Platform F
No
No
If HFSM is installed in a windows

server where IIS7 is already
running, attacker can attack the
windows server through IIS7. In
this case please apply a patch or
workaround for the windows
server.
L a s t
2 0 1 5
Product Type
Product Name
Affected?
Vulnerable?
Systems
Essential NAS Platform
No
No
Systems
Hitachi Universal
Storage VM
No
No
File & Content
HUS File Module
No
No
Systems
HyperStor
File & Content
NAS 3x00 (Titan)
No
No
File & Content
NAS 30x0 (Mercury)
No
No
File & Content
NAS 4000 Series
No
No
File & Content
SMU
No
No
No
No
No
No
Systems
Systems
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
Version

Windows OS.
System does not use affected
versions of Windows OS.
Windows OS.
Systems
UCP for Microsoft

Exchange
Yes
Yes
ALL
Systems
UCP Select for

Microsoft SQL Server
Yes
Yes
ALL
Systems
UCP Select for Oracle

Database
Yes
Yes
ALL
Yes
Yes
ALL
Yes
Yes
ALL
Yes
Yes
ALL
Systems
Systems
Systems
UCP Pro (UCP 4000 /

4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
Microsoft Private Cloud
UCP Select for SAP
HANA
More Information

Windows OS.
Windows OS.
Windows OS.
Windows OS.
Windows OS.
Management Stack runs on
Windows Server, mitigation
under investigation.
L a s t
2 0 1 5
Product Type
Product Name
Affected?
Vulnerable?
Version
Systems
UCP Select for VMware

View
Yes
Yes
ALL
Systems

vSphere
Yes
Yes
ALL
Systems
Unified Storage File

Module (HUS FM)
No
No
Systems
Unified Storage (HUS)
No
No

Windows OS.
Systems
Unified Storage VM
(HUS VM)
No
No

Systems
Universal Storage
Platform V (USP V)
No
No

Universal Storage
Platform VM (USP VM)
No
No
Hitachi Virtual Storage

Platform G1000 (VSP
G1000)
No
No
No
No
No
No
Systems
Systems
Systems
Systems
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS
Other
Hi-Track Remote
Monitoring system
No
No
Other
Remote Access Control

Center (RACC)
No
No
More Information
Windows OS.

SVP is Windows 7, however SVP
does not use IIS as a webserver so
unaffected. Regardless, patch
MS15-034 is forthcoming next
SVP Security Update CD (being
processed).
Windows OS.
L a s t
2 0 1 5
CVE-2015-0290 & CVE-2015-0291 Open SSL Vulnerability

The following table references Hitachi Data Systems products and solutions affected by the worldwide security issue known as CVE2015-0290 & CVE-2015-0291 Open SSL Vulnerability. Open items are actively updated; please review this table frequently for new
details.
(CVE-2015-0290/0291)
Product Type
Product Name
Networking
Brocade
VTL
Networking
Networking
Networking
BusTech
Cisco Systems
Emulex
Qlogic
Software
Software
Arkivio
Business Continuity
Manager
Software
Software
Software
Software
Software
Software
Affected?
No
Vulnerable?
No
Version
FOS/NOS/BNA
More Information
http://www.brocade.com/service
s-support/driversdownloads/oscd/index.page?
Under vendor investigation 3/27

No
No
No
No
System does not implement

OpenSSL.
Command Director
Compute Systems
Manager
Software
Software
Software
Software
Device Manager
Dual Active ID
L a s t
2 0 1 5
(CVE-2015-0290/0291)
Product Type
Product Name
Software
Software
Software
Dynamic Replicator
e-Copy
Software
Software
Advance
Software
Software
IT Operations
Integrator
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Affected?
Vulnerable?
No
No
Version
More Information
IT Operations
Repository
LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel
Software
Storage Navigator
Modular 2
Software
for MS SharePoint

OpenSSL 1.0.2
10
L a s t
2 0 1 5
(CVE-2015-0290/0291)
Product Type
Software
Product Name
Affected?
Vulnerable?
Version
More Information
Storage Services
Manager
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
Software

(HSFR)
(HVSR)
(HFAR)
Software
Software
Software
Software
Software
Software
Software
StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN
Software
UCP Orchestration
Software
Software
Integrator
Software

Diligent
VTL

FalconStor
11
L a s t
2 0 1 5
(CVE-2015-0290/0291)
Product Type
Product Name
Software
VMware Adapters
Zone Allocation
Manager
Software
Systems
Adaptable Modular
Storage (AMS)
Systems
Adaptable Modular
Storage 2000
Systems
File & Content
Affected?
No
Vulnerable?
Version
More Information
No

OpenSSL 1.0.2
No
No

OpenSSL 1.0.2
No
No
All
File & Content
Content Platform
Anywhere (HCP-AW)
No
No
All
File & Content
HCP S Nodes
No
No
All
Systems
Systems

for MS SharePoint
File & Content
Data Ingestor and

HNAS Platform F
No
No
Product does not implement

OpenSSL 1.0.2
12
L a s t
2 0 1 5
(CVE-2015-0290/0291)
Product Type
Product Name
Affected?
Vulnerable?
File & Content
Data Ingestor and

HNAS Platform F
No
No
Product does not implement

OpenSSL 1.0.2
Systems
Systems
Hitachi Universal
Storage VM
No
No

OpenSSL 1.0.2
File & Content
HUS File Module
Systems
File & Content
File & Content
File & Content
File & Content
HyperStor
NAS 3x00 (Titan)
NAS 30x0 (Mercury)
NAS 4000 Series
SMU
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
No
No
No
No
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Version
More Information

OpenSSL 1.0.2
OpenSSL 1.0.2

Database
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
UCP Select for SAP
HANA
View
vSphere
13
L a s t
2 0 1 5
(CVE-2015-0290/0291)
Product Type
Product Name
Affected?
Vulnerable?
Systems

Module (HUS FM)
Systems
No
No

OpenSSL 1.0.2
Systems
Unified Storage VM
(HUS VM)
No
No

OpenSSL 1.0.2
Systems
Universal Storage
Platform V (USP V)
No
No

OpenSSL 1.0.2
No
No

OpenSSL 1.0.2
No
No

OpenSSL 1.0.2
No
No
No
No
Systems
Systems
Systems
Systems
Universal Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS
Version
More Information

OpenSSL 1.0.2
OpenSSL 1.0.2
Other
Hi-Track Remote
Monitoring system
Under investigation
Other

Center (RACC)
Under investigation
CVE-2015-0204 FREAK: Security flaw in Open SSL 1.0x

The following table references Hitachi Data Systems products and solutions affected by the worldwide security
issue known as CVE-2015-0240 Samba. Open items are actively updated; please review this table frequently for
new details.
(FREAK)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
14
L a s t
2 0 1 5
(FREAK)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
Networking
Brocade
FOS and
NOS not
affected
BNA 12.3.2
and lower.
12.3.2 and
lower if SSL is
turned on.
Upgrade to BNA 12.3.4 or higher.
VTL
BusTech
Networking
Cisco Systems
Yes
Yes
Bug # CSCus42713 has been

opened for this issue
Networking
Networking
Emulex
Qlogic
Yes
Firmware fix May 15 timeframe
Software
Software
Arkivio
Business Continuity
Manager
Software
Software
Software
Software
Software
Software
Yes

Command Director
Compute Systems
Manager
Software
Software
Software
Software
Device Manager
Dual Active ID
Software
Software
Software
Dynamic Replicator
e-Copy
Software
15
L a s t
2 0 1 5
(FREAK)
Product Type
Product Name
Software
Advance
Software
Software
IT Operations
Integrator
Software
IT Operations
Repository
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Storage Navigator
Modular 2
Software
for MS SharePoint
Software
Vulnerable?
No
No
Version
More Information
LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel
Software
Software
Affected?
Does not use the cipher of type

RSA-EXPORT
Storage Services
Manager
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
16
L a s t
2 0 1 5
(FREAK)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information

(HSFR)
(HVSR)
(HFAR)
Software
Software
Software
Software
Software
Software
Software
StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN
Software
UCP Orchestration
Software
Software
Integrator
Software

Diligent
VTL

FalconStor
NO
NO
All
Only effects clients when a server

indicates the client needs to
downgrade the security session.
This does not affect the server.
17
L a s t
2 0 1 5
(FREAK)
Product Type
Product Name
Software
VMware Adapters
Zone Allocation
Manager
Software
Systems
Adaptable Modular
Storage (AMS)
Systems
Adaptable Modular
Storage 2000
Systems
Systems
File & Content
File & Content
File & Content
Affected?
No
No
Vulnerable?
Version
More Information
No
System is never SSL client
No
Compute Blade and Compute Rack Products
Content Platform
Anywhere (HCP-AW)
HCP S Nodes
No
No
No
No
No
No
All
All
All
HCP does not use the affected

ciphers. HCP is not vulnerable.
HCP Anywhere does not use the

affected ciphers. HCP Anywhere
is not vulnerable.
HCP S Series is not vulnerable to
CVE-2015-0204. It does not
accept any of the cipher suites
that are vulnerable.
18
L a s t
2 0 1 5
(FREAK)
Product Type
Product Name
Affected?
Vulnerable?
Systems
Systems

for MS SharePoint
File & Content
Data Ingestor and

HNAS Platform F
File & Content
Data Ingestor and

HNAS Platform F
Systems
Systems
Hitachi Universal
Storage VM
No
No
File & Content
HUS File Module
Yes
No
Systems
File & Content
File & Content
File & Content
File & Content
HyperStor
NAS 3x00 (Titan)
NAS 30x0 (Mercury)
NAS 4000 Series
SMU
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
No
Systems
Systems
Version
More Information
Disable SSLv3 as per 81621

Systems
UCP for Microsoft

Exchange
NO
NO
ALL
Systems
UCP Select for

NO
NO
ALL
Systems

Database
NO
NO
ALL
Systems
UCP Pro (UCP 4000 /

4000e) for VMware
vSphere
NO
NO
ALL

19
L a s t
2 0 1 5
(FREAK)
Product Type
Product Name
Systems
UCP Pro (UCP

4000/4000e) for
NO
NO
ALL
UCP Select for SAP

HANA
NO
NO
ALL

View
NO
NO
ALL
Systems

vSphere
NO
NO
ALL
Systems

Module (HUS FM)
Yes
No
Systems
No
No
Systems
Unified Storage VM
(HUS VM)
No
No
Systems
Universal Storage
Platform V (USP V)
No
No
No
No
No
No
No
No
No
No
Systems
Systems
Systems
Systems
Systems
Systems
Universal Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS
Affected?
Vulnerable?
Other
Hi-Track Remote
Monitoring system
No
No
Other

Center (RACC)
No
No
Version
More Information
20
L a s t
2 0 1 5
21
L a s t
2 0 1 5
CVE-2015-0204 SAMBA: Security flaw in smbd file srvr daemon

issue known as CVE-2015-0240 Samba. Open items are actively updated; please review this table frequently for
new details.
(SAMBA)
Product Type
Product Name
Affected?
Vulnerable?
Version
Networking
VTL
Networking
Networking
Networking
Brocade
BusTech
Cisco Systems
Emulex
Qlogic
No
No
FOS, NOS, BNA
Software
Software
Arkivio
Business Continuity
Manager
Software
Software
Software
Software
Software
Software

Command Director
Compute Systems
Manager
Software
Software
Software
Software
Device Manager
Dual Active ID
Software
Software
Software
Dynamic Replicator
e-Copy
More Information
Under investigation by vendor
No
No
No
No

22
L a s t
2 0 1 5
(SAMBA)
Product Type
Product Name
Software
Software
Advance
Software
Software
IT Operations
Integrator
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Storage Navigator
Modular 2
Software
for MS SharePoint
Software
Vulnerable?
IT Operations
Repository
LPAR
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel
Software
Software
Affected?
Version
More Information

No
No
SNM2 does not contain Linux OS.
Storage Services
Manager
Backup Services
Manager (HBSM)
23
L a s t
2 0 1 5
(SAMBA)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
Storage Capacity
Reporter (HSCR)
(HSFR)
(HVSR)
(HFAR)
Software
Software
Software
Software
Software
Software
Software
StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN
Software
UCP Orchestration
Software
Software
Integrator
Software

Diligent
VTL

FalconStor
Low attach rate. Working on

patch.
24
L a s t
2 0 1 5
(SAMBA)
Product Type
Product Name
Software
VMware Adapters
Zone Allocation
Manager
Software
Systems
Adaptable Modular
Storage (AMS)
Systems
Adaptable Modular
Storage 2000
Systems
Systems
Affected?
No
Vulnerable?
Version
More Information
No
Product does not contain Linux

OS
No
No

OS
Compute Blade 2000
No
No
N/A
Systems
Compute Blade 500
No
No
N/A
Systems
Compute Blade 320
No
No
N/A
Systems
Compute Rack
210H/220H/220S
Compute Rack 220
No
No
N/A
No
No
N/A
Systems
25
L a s t
2 0 1 5
(SAMBA)
Product Type
Product Name
File & Content
File & Content
Content Platform
Anywhere (HCP-AW)
File & Content
HCP S Nodes
Systems
Systems

for MS SharePoint
File & Content
Data Ingestor and

HNAS Platform F
Systems
Systems
Affected?
Vulnerable?
Version
More Information
HCP 6.x and HCP 7.x systems
using the CIFS namespace
gateway with Active Directory
authentication are vulnerable. A
fix for this vulnerability will be
included in the 7.1.1 maintenance
release and a hotfix for 6.x will be
available by 3wwwww March
31st.
HCP Anywhere does not run
Samba and is not vulnerable
Under review.
All
HDI Engineering will include a fix

for this vulnerability in a
maintenance release 5.1.1-04.
Customers are encouraged to
upgrade to this release. The
maintenance release is expected
to be delivered to HDS on March
18, 2015.
Yes
Yes
Hitachi Universal
Storage VM
No
No

OS
File & Content
HUS File Module
No
No
Does not include Samba
Systems
HyperStor
File & Content
NAS 3x00 (Titan)
No
No
No LINUX
26
L a s t
2 0 1 5
(SAMBA)
Product Type
Product Name
Affected?
Vulnerable?
File & Content
NAS 30x0 (Mercury)
No
No
File & Content
NAS 4000 Series
No
No
File & Content
SMU
No
No
No
No
No
No
No
No
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
Database
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
UCP Select for SAP
HANA

View
vSphere
Module (HUS FM)
Systems
No
No
Systems
Unified Storage VM
(HUS VM)
No
No
Version
More Information

OS
OS

OS
OS
27
L a s t
2 0 1 5
(SAMBA)
Product Type
Product Name
Affected?
Vulnerable?
Systems
Universal Storage
Platform V (USP V)
No
No

OS
No
No

OS
No
No

OS
No
No
No
No
No
No
No
No
Systems
Systems
Systems
Systems
Other
Other
Universal Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS
Hi-Track Remote
Monitoring system
Center (RACC)
Version
More Information

OS
OS
RACC does not support Linux
28
L a s t
2 0 1 5
CVE-2015-0235 GHOST: glibc gethostbyname
Buffer Overflow
The following table references Hitachi Data Systems products and solutions affected by the worldwide
security issue known as NTP. Open items are actively updated; please review this table frequently for new
details.
(GHOST)
Product Type
Product Name
Networking
Brocade
VTL
BusTech
Networking
Affected?
Vulnerable?
Version
No
No
FOS, NOS , BNA
Cisco Systems
Yes
Yes
NXOS v6.x, v5.x
Networking
Networking
Emulex
Qlogic
No
No
Software
Software
Arkivio
Business Continuity
Manager
Software
More Information
http://www.brocade.com/downl
oads/documents/technical_supp
ort_bulletins/brocadeassessment-gnu-c-library-sa.pdf
Vendor investigation 1/27/15
Bug CSCus68360 is fixed in
v5.2(8f) and 6.2(11b)

No
No
BCM does not utilize glibc
Software
Software

Command Director
Software
Software
Software
Compute Systems
Manager
Software
Software
Yes
Yes
Fixed with
Service Pak 9
http://documentation.commvault
.com/commvault/v10/article?p=a
nnouncement/announcements.ht
m
29
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Software
Software
Device Manager
Dual Active ID
Software
Software
Software
Dynamic Replicator
e-Copy
Software
Software
Advance
Software
Software
IT Operations
Integrator
Software
IT Operations
Repository
Software
LPAR
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel
Software
Affected?
Vulnerable?
Version
More Information
Tbd
Tbd
Updated expected 3-Feb-14 for:

CB 2500, CB 2000, CB 500,
CB 320

30
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Software
Storage Navigator
Modular 2
No
No
Software
for MS SharePoint
No
No
Yes
Yes
Software
Affected?
Vulnerable?
Version
More Information
SNM2 does not contain Linux
OS/glibc. Recommend customer
upgrade to fixed OS/glibc and
then restart SNM2 service.
Storage Services
Manager
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
Software

(HSFR)
(HVSR)
(HFAR)
Software
Software
Software
Software
StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Software
Tiered Storage
Manager for MF
Software
Software
Tuning Manager
TurboLUN
Software
UCP Orchestration
Software
Software
Integrator
ALL
Under Investigation
31
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Software

Diligent
Affected?
Vulnerable?
Version
More Information
VTL

FalconStor
Software
Software
You can download the

patches from the
FalconStor Customer
Support Portal. updaterhel5x06 for CDP
update-rhel5x06 for NSS
update-rhel5x06 for
VTL/SIR
update-rhel5x06 for
VTL/SIR
update-rhel5x06 for
VTL/SIR
update-rhel5x06 for
VTL/SIR
VMware Adapters
Zone Allocation
Manager
No
Systems
Adaptable Modular
Storage (AMS)
Systems
Adaptable Modular
Storage 2000
Systems
Systems
No
No

OS, nor glibc library
No

32
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
33
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
34
L a s t
2 0 1 5
(GHOST)
Product Type
File & Content
File & Content
Product Name
Content Platform
Anywhere (HCP-AW)
Affected?
Yes
Yes
Vulnerable?
No
No
Version
All
More Information
HCP is running impacted versions

of the glibc libraries, however the
vulnerability described in CVE2015-0235 is not exploitable via
any HCP gateways (SSH).
HCP Anywhere versions 1.3 and
earlier are running impacted
versions of the glibc libraries.
However the vulnerability
described in CVE-2015-0235 is
not exploitable via any HCP
Anywhere gateways. The glibc
libraries will be updated to the
latest non-impacted version in
the 2.0 release of HCP Anywhere
which is scheduled for GA on
March 6, 2015.
35
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Affected?
Vulnerable?
Systems
Yes
Yes
Systems

for MS SharePoint
No
No
File & Content
Data Ingestor and

HNAS Platform F
Yes
Yes
Version
All
All versions
prior to
03-01-00-00
File & Content
Data Ingestor and

HNAS Platform F
Yes
No
03-01-00-00
and above
Systems
Yes
Yes
All
Systems
Hitachi Universal
Storage VM
No
No
File & Content
HUS File Module
Yes
No
Systems
HyperStor
More Information
HDDS does not use the
gethostbyname function of the
glibc, therefore under normal
operations of HDDS, it is not
affected. However, HDS and Red
Hat recommend the installation
of RHEL 6.2 as there is a security
update which should be applied.
"GHOST: glibc vulnerability (CVE2015-0235)
"https://access.redhat.com/articl
es/1332213
"glibc security update RHSA2015:0099"https://rhn.redhat.co
m/errata/RHSA-2015-0099.html
Yes. If the customer uses HDI

before 03-01-00-00, please
upgrade HDI before 03-01-00-00
to 03-01-00-00 or later.
03-01-00-00 and above versions
do not call any of the affected
gethostbyname functions and
FOS verifies the length of the
hostname and rejects processing
if the hostname variable is too
long.
No fix is currently planned.
Customers should contact their
Account team if a fix is required.
See Tech Bulletin - 82081
36
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Affected?
Vulnerable?
File & Content

File & Content
File & Content
File & Content
NAS 3x00 (Titan)

NAS 30x0 (Mercury)
NAS 4000 Series
SMU
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
No
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
No
No
Yes
Yes
Fix currently being developed.

(1/28/15)
Yes
Yes
Fix currently being developed.

(1/28/15)
Yes
Yes
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems

Database
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
UCP Select for SAP
HANA
Version
More Information
No LINUX
SUSE Linux Enterprise 11 and

older products. Patches have
been released and can be found
at: This Link

View
No
No
Systems

vSphere
No
No
Systems

Module (HUS FM)
Yes
No
Systems
No
No

37
L a s t
2 0 1 5
(GHOST)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
Systems
Unified Storage VM
(HUS VM)
No
No

No
No

No
No

No
No

No
No
No
No
Universal Storage
Platform V
Systems
(USP V)
Systems
Universal Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS
Systems
Systems
Systems
Other
Hi-Track Remote
Monitoring system
No
No
Other

Center (RACC)
No
No

RACC does not support Linux
38
L a s t
2 0 1 5
NTP (CVE-2014-9293 through CVE-2014-9296)

issue known as NTP. Open items are actively updated; please review this table frequently for new details.
(NTP)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
Networking
Brocade
No
No
FOS, NOS and

BNA.
NTP VU#852879 Vulnerability

Assessment for Brocade
VTL
BusTech
Networking
Cisco Systems
MDS products
are affected

Bug ID CSCus26870 fixed in NXOS
5.2(8f), 6.2(11b)
Networking
Emulex
Networking
Qlogic
Software
Software
Arkivio
Business Continuity
Manager
Software
Yes
Yes
No
No

No
No
Product does not utilize ntpd
Software
Software

Command Director
Compute Systems
Manager
Software
Software
Software
Software

for MS SharePoint
Software
Software
Software
Software
Device Manager
Dual Active ID
Software
39
L a s t
2 0 1 5
(NTP)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
No dependency on NTP for
Scout.(only if you use it to sync
with a time server for sync.
Software
Dynamic Replicator
And you can get around these

security vulnerabilities by
updating the with latest NTP
RPMs
For RHEL, please look at :
https://rhn.redhat.com/errata/R
HSA-2014-2024.html
Software
e-Copy
File & Content
Extension Pack for

Secure FTP
Software
Software
Advance
Software
Software
IT Operations
Integrator
Software
Software
Software
Software
Software
Software
Software
IT Operations
Repository
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
40
L a s t
2 0 1 5
(NTP)
Product Type
Product Name
Software
Software
Software
Software
Software
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
Software
SpectraLogic
Software
Storage Adapter for

Petrel
Software
Storage Navigator
Modular 2
Software
for MS SharePoint
Software
Affected?
Vulnerable?
Yes
Low
No
No
Version
Verde
More Information

Tape not affected Disk low
impact, however Patch being
released. Fix in new version.
Storage Services
Manager
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
Software

(HSFR)
(HVSR)
(HFAR)
Software
Software
Software
Software
Software
StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
41
L a s t
2 0 1 5
(NTP)
Product Type
Product Name
Software
Software
Tuning Manager
TurboLUN
Software
UCP Orchestration
Software
Software
Integrator
Software

Diligent
VTL

FalconStor
Software
Software
Affected?
Vulnerable?
Version
Yes
Yes
All Versions
More Information
Affected. Working on patch for

current version, addressed in
future versions. 1-8-15
VMware Adapters
Zone Allocation
Manager
Systems
Adaptable Modular
Storage (AMS)
Systems
Adaptable Modular
Storage 2000
Systems
No
No
No
No
42
L a s t
2 0 1 5
(NTP)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information

CVE-2014-9294 is not applicable to any product
CVE-2014-9296 is not applicable to any product
Systems
43
L a s t
2 0 1 5
(NTP)
Product Type
Product Name
File & Content

and Content Platform
Anywhere (HCP-AW)
Systems
Systems

for MS SharePoint
Affected?
No
Vulnerable?
Version
More Information
No
External time servers connected

to HCP should be secure and
trusted servers that should be
updated to NTP 4.2.8 or greater
File & Content
Data Ingestor
No
No
System does not use Key

Authentication and discards
connection requests exploited by
vulnerability
Systems
Hitachi Universal
Storage VM
No
No
File & Content
HUS File Module
Yes
Systems
File & Content
HyperStor
NAS 3x00 (Titan)
No
File & Content
NAS 30x0 (Mercury)
Yes
File & Content
NAS 4000 Series
Yes
File & Content
SMU
Yes
No
Limited (no
Internet)
Limited (no
Internet)
Limited (no
Internet)
File & Content
NAS Platform F
No
No
Not a LINUX base, custom NTP

Fix will be available in 12.1MR
(TBD) in Feb 2015
Fix will be available in 12.1MR
(TBD) in Feb 2015
Fix will be available in SMU
12.1.3613.08, 12.2.3753.07 in Feb
2015
System does not use Key
Authentication and discards
connection requests exploited by
vulnerability
No
No
No
No
No
No
No
No
No
No
Systems
Systems
Systems
Systems
Systems
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
UCP for Microsoft
Exchange
UCP Select for
Database
All GA
All GA
All GA
NTP issue is found in UCP

Director only.
Director only.
Director only.
44
L a s t
2 0 1 5
(NTP)
Product Type
Systems
Systems
Systems
Systems
Product Name
UCP Pro (UCP 4000 /
4000e) for VMware
vSphere
UCP Pro (UCP
4000/4000e) for
UCP Select for SAP
HANA
Affected?
Vulnerable?
Yes
Yes

Director only.
No
No

Director only.
No

Director only.
No
Version
More Information

View
No
No

Director only.
Systems

vSphere
No
No

Director only.
Systems

Module (HUS FM)
Systems
No
No
Systems
Unified Storage VM
(HUS VM)
No
No
Universal Storage
Platform V
No
No
Systems
(USP V)
Systems
Universal Storage
Platform G1000 (VSP
G1000)
Virtual Storage
Platform (VSP)
Workgroup Modular
Storage WMS
Systems
Systems
Systems
No
No
No
No
No
No
No
No
45
L a s t
2 0 1 5
(NTP)
Product Type
Product Name
Affected?
Vulnerable?
Other
Hi-Track Remote
Monitoring system
No
No
Other

Center (RACC)
No
No
Version
More Information
Poodle CVE-2014-3566
issue known as Poodle. Open items are actively updated; please review this table frequently for new details.
(POODLE)
Product
Type
Product Name
Affected? Vulnerable? Version

Yes
Yes
FOS 6.x
FOS 7.x
Networking Cisco Systems
Yes
Yes
NX-OS
5.x; 6.x
Networking Emulex
No
No
Networking Brocade
VTL
BusTech
Networking Qlogic
Yes
Software
Software
Arkivio
Software
Business Continuity
Manager
Software
CA Integration
Module
Yes
Yes
No
8.0.14.12
and
below
All
More Information
Fix issued in the following FOS releases:
6.4.3g; 7.02f; 7.1.2c; 7.2.1d; 7.3.0c
Under Investigation as of 10-16
Fixed in the following NXOS releases: 5.2(8e),
6.2(9a) and 6.2(11b)
Fixed in firmware 8.0.14.13.00

BCM does not use SSL, but IBM HTTP Server
(HIS) uses SSL communications between BCM
and HRpM. IBM recommends disabling SSL v3.
46
L a s t
(POODLE)
Product
Type
Software
Software
Software
2 0 1 5
Product Name
More Information
Yes
Has statement.

Command Director
No
Low
No
Yes
Need to disable SSL v3 on server side and use

other secure communication method with
client side.
Yes

client side.
Software
Compute Systems
Manager
Software

for MS SharePoint
Software
Data Instance
Manager
Software
Software
Device Manager
Software
Dual Active ID
Software
Dynamic Link
Manager
Software
Software
Dynamic Replicator
e-Copy
File &
Content
Extension Pack for

Secure FTP
Software
IT Operations
Analyzer
Yes
Software
IT Operations
Analyzer Advance
Yes
Software
Yes
No

client side.
Under Investigation as of 10-16.

client side.
client side.
client side.
47
L a s t
(POODLE)
Product
Type
Product Name
Software
IT Operations
Integrator
No
Software
IT Operations
Repository
No
Software
Software
Software
Software
Software
Microsoft Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection Manager
Software
Replication Manager
Software
Software
Software
Software
Software
Software
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for
Petrel
Software
Software
Storage Navigator
Modular 2
Software
for MS SharePoint
Software
Software
2 0 1 5
More Information
client side.
client side.

client side.
Yes
No
Yes
Low Risk
V4 and
above for
DF850
V21 and
above for
DF800
SNM2 GUI is affected (NOT CLI, NOT API). Fix

schedule TBD, Alert pending. Suggest
disabling SSL v3 in web browser for interim
Storage Services
Manager
Backup Services
Manager (HBSM)
48
L a s t
(POODLE)
Product
Type
Product Name
2 0 1 5
More Information
Storage Capacity
Reporter (HSCR)
Storage Fabric
Reporter (HSFR)
(HVSR)
(HFAR)
Software
StorFirst Apollo
Streaming Data
Platform
Symantec Adapters
No
Software
Tiered Storage
Manager
Yes

client side.
Software
Tiered Storage
Manager for MF
Software
Tuning Manager
Yes

client side.
Software
TurboLUN
Software
UCP Orchestration
Software
Software
Integrator
Software

Diligent
VTL

FalconStor
Software
VMware Adapters
Software
Software
Not
affected
49
L a s t
(POODLE)
Product
Type
Product Name
Software
Zone Allocation
Manager
Systems
Adaptable/Workgroup Not
affected
Modular Storage
(AMS/WMS)
Systems
Adaptable Modular
Storage 2000
Systems
Systems
Systems
Systems
Compute Blade 2000

Compute Blade 500
Compute Blade 320
Compute Rack
210H/220H/220S
Compute Rack 220
Content Platform
(HCP) and Content
Platform Anywhere
(HCP-AW)
for MS SharePoint
Systems
Systems
File &
Content
Systems
Systems
File &
Content
Data Ingestor
File &
Content
High-performance
NAS Platform
Systems
Hitachi Universal
Storage VM
File &
Content
Systems
File &
Content
2 0 1 5
Yes
Low Risk
V04 and
later
More Information
082030
081645
Yes
Low Risk
All
Fix schedule TBD
Yes
Low Risk
All
81729
YES
Low Risk
Release
8.x
HUS File Module

HyperStor
NAS 3x00 (Titan)
50
L a s t
(POODLE)
Product
Type
File &
Content
File &
Content
File &
Content
File &
Content
Systems
Systems
File &
Content
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
2 0 1 5
Product Name
NAS 30x0 (Mercury)
YES
Low Risk
NAS 4000 Series
YES
Low Risk
SMU
YES
Low Risk
NAS Platform F
Yes
Low Risk
All
Fix schedule TBD
Low Risk
V04 and
later
Fix schedule TBD, Alert pending
Network Storage
Controller (NSC55)
Simple Modular
Storage (SMS)
More Information
Prior to
12.1
Prior to
12.1
Prior to
12.2
TBD
Yes
Titan
UCP for Microsoft
Exchange
UCP for Microsoft SQL
Server
UCP for Oracle
Database
UCP Pro for VMware
vSphere
UCP Pro for VMware
vSphere
UCP Select for Citrix
XenDesktop
UCP Pro for VMware
vSphere
UCP Select for Citrix
XenDesktop
UCP Select for
Microsoft Private
Cloud
Systems
Systems
UCP Select for SAP

HANA
51
L a s t
(POODLE)
Product
Type
Systems
Systems
Systems
Systems
Systems
Product Name
File &
Content

Module (HUS FM)
Systems
Unified Storage VM
(HUS VM)
Systems
More Information
Yes
Low Risk
All
082030
Yes
Low Risk
All
81729
All
81729
Yes
Low Risk
Yes
Low Risk
All
81729
Yes
Low Risk
All
Only SMI-S is affected (SN/SVP not affected),

81729
All
81729
Universal Storage
Platform V
(USP V)
Systems
UCP Select for SAP

HANA
UCP Select for
VMware View
UCP Select for SAP
HANA
UCP Select for
VMware View
UCP Select for
VMware vSphere
Systems
Systems
2 0 1 5
Universal Storage
Platform VM (USP
VM)
Platform G1000 (VSP
G1000)
Systems
Virtual Storage
Platform (VSP)
Yes
Low Risk
Other
Hi-Track Remote
Monitoring system
No
No
Other
Remote Access
Control Center (RACC)
No
No
52
L a s t
2 0 1 5
53
L a s t
2 0 1 5
Shellshock CVE-2014-6271
issue known as Shellshock. Open items are actively updated; please review this table frequently for new details.
(Shellshock)
Product Type
Product Name
Affected?
Vulnerable?
Version
More Information
Networking
Brocade
Yes
Yes
FOS 6.x, 7.x
VTL
Networking
BusTech
Cisco Systems
TBD
Yes
Yes
NXOS 5.x;
6.x
Fixed in FOS 6.4.3g; 7.1.2b; 7.2.1d;

7.3.0b
Under investigation
Fixed in NXOS 5.2(8e); 6.2(9a)
Networking
Networking
Networking
Ctera
Emulex
Qlogic
No
No
Yes
No
Yes
Software
Application
Protector
Arkivio
Business
Continuity
Manager
CA Integration
Module
Clinical
Repository Karos
Clinical
Repository Visbion
Command
Director
Compute
Systems
Manager
Data Discovery
Suite for MS
SharePoint
Data Instance
Manager
Data Protection
Suite
TBD
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
TBD
TBD
8.0.14.12
and below
Fixed in firmware 8.0.14.13.00
Under investigation
TBD
No
No
No
No
TBD
TBD
TBD
54
L a s t
2 0 1 5
(Shellshock)
Product Type
Product Name
Affected?
Software
Software
Software
Device Manager
Dual Active ID
Dynamic Link
Manager
Dynamic
Replicator
e-Copy
Extension Pack
for Secure FTP
IT Operations
Analyzer
IT Operations
Analyzer
Advance
IT Operations
Director
IT Operations
Integrator
IT Operations
Repository
Microsoft
Adapters
NanoCopy
Oracle Adapters
Power Saving
Protection
Manager
Replication
Manager
Replication
Monitor
SAP Adapters
Sepaton
Server
Conductor
Seven10
SpectraLogic
Storage Adapter
for Petrel
No
TBD
No
Software
Software
File & Content
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Vulnerable?
No
TBD
Yes
Version
More Information
Under investigation
No
Alert #81524
TBD
TBD
TBD
TBD
TBD
TBD
TBD
TBD
TBD
No
No
No
TBD
TBD
TBD
No
TBD
TBD
55
L a s t
2 0 1 5
(Shellshock)
Product Type
Product Name
Affected?
Vulnerable?
Software
Storage
Navigator
Modular 2
Storage
Optimization for
MS SharePoint
Storage Services
Manager
Storage Viewer
Suite
No
No
Software
Software
Software
Version
More Information
81554
TBD
TBD
No
Backup Services
Manager (HBSM)
Storage Capacity
Reporter (HSCR)
Storage Fabric
Reporter (HSFR)
Virtual Server
Reporter (HVSR)
File Analytics
Reporter (HFAR)
Software
Software
Software
Software
Software
Software
Software
StorFirst Apollo
Streaming Data
Platform
Symantec
Adapters
Tiered Storage
Manager
Tiered Storage
Manager for MF
Tuning Manager
TurboLUN
No
TBD
TBD
No
No
No
TBD
56
L a s t
2 0 1 5
(Shellshock)
Product Type
Product Name
Affected?
Vulnerable?
Software
UCP
Orchestration
Software
Yes
Yes
Version
More Information
If you are using versions of Bash in
operating systems based on SUSE
Linux Enterprise 9, 10 or 11, your
servers are potentially at risk. If
your systems are compromised, we
recommend that you patch your
systems right away.
Follow this link for the security
update from SUSE:
https://www.suse.com/support/up
date/announcement/2014/susesu-20141247-1.html
Software
Software
VTL
Software
Software
Systems
Systems
Systems
Systems
Systems
Systems
Virtual
Infrastructure
Integrator
Virtual Tape
Library Diligent
Virtual Tape
Library
FalconStor
VMware
Adapters
Zone Allocation
Manager
Adaptable
Modular
Storage (AMS)
Adaptable
Modular
Storage 2000
Capacity
Optimization
Compute Blade
2000
Compute Blade
500
Compute Blade
320
TBD
TBD
Yes
Yes
Current
Patch is available on
falconstore.com
TBD
TBD
No
81554
No
81554
No
No
TBD
No
No
N/A
No
No
N/A
No
No
N/A
57
L a s t
2 0 1 5
(Shellshock)
Product Type
Product Name
Affected?
Vulnerable?
Version
Systems
Compute Rack
210H/220H/220
S
Compute Rack
220
Content
Platform (HCP)
and Content
Platform
Anywhere (HCPAW)
Data Discovery
Suite
Data Discovery
Suite for MS
SharePoint
Data Ingestor
No
No
N/A
No
No
N/A
No
No
All
No
Dependent
Yes
No
Highperformance
NAS Platform
Hitachi
Universal
Storage VM
HUS File
Module
HyperStor
Mercury
NAS 4000 Series
NAS Platform
NAS Platform F
Network
Storage
Controller
(NSC55)
Simple Modular
Storage (SMS)
Titan
Yes
No
Alert #81511
No
No
81554
Yes
No
Alert #81511
TBD
Yes
Yes
Yes
Yes
No
No
No
No
No
No
Alert #81511
Alert #81511
Alert #81511
Alert #81528
81554
No
No
81554
Yes
No
Alert #81511
Systems
File & Content
Systems
Systems
File & Content

File & Content
Systems
File & Content

Systems
File & Content
File & Content
File & Content
File & Content
Systems
Systems
File & Content
More Information
Alert #81528
Customer responsible to patch Red

Hat Linux installation
No
All
Alert #81520
58
L a s t
2 0 1 5
(Shellshock)
Product Type
Product Name
Affected?
Vulnerable?
Systems
UCP for
Microsoft
Exchange
UCP for
Microsoft SQL
Server
UCP for Oracle
Database
UCP Pro for
VMware
vSphere
UCP Select for
Citrix
XenDesktop
UCP Select for
Microsoft
Private Cloud
UCP Select for
Oracle
UCP Select for
SAP HANA
No
No
No
No
No
No
Yes
Yes
No
No
No
No
No
No
Yes
Yes
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Version
More Information
Under investigation
SUSE Linux
Enterprise
9, 10, 11
If you are using versions of Bash in

operating systems based on SUSE
Linux Enterprise 9, 10 or 11, your
servers are potentially at risk. If
your systems are compromised, we
recommend that you patch your
systems right away.
Follow this link for the security
update from SUSE:
https://www.suse.com/support/up
date/announcement/2014/susesu-20141247-1.html
Systems
Systems
Systems
UCP Select for

VMware View
UCP Select for
VMware
vSphere
Unified Storage
(HUS)
No
No
No
No
No
No
81554
59
L a s t
2 0 1 5
(Shellshock)
Product Type
Product Name
Affected?
Vulnerable?
File & Content
Unified Storage
File Module
(HUS FM)
Unified Storage
VM (HUS VM)
Universal
Storage
Platform V
(USP V)
Universal
Storage
Platform VM
(USP VM)
Hitachi Virtual
Storage
Platform G1000
(VSP G1000)
Virtual Storage
Platform (VSP)
Workgroup
Modular
Storage WMS
Hi-Track
Remote
Monitoring
system
Remote Access
Control Center
(RACC)
Yes
No
81511
No
No
81554
No
No
81554
No
No
81554
No
No
81554
No
No
81554
No
No
81554
No
No
No
No
Systems
Systems
Systems
Systems
Systems
Systems
Other
Other
Version
More Information
60
L a s t
2 0 1 5
OpenSSL Heartbleed
The following table references Hitachi Data Systems products and accessories affected by the worldwide security issue
known as OpenSSL Heartbleed. Open items are actively updated; please review this table frequently for new details.
(Heartbleed)
Product Type
Networking
Networking
Networking
Networking
Networking
Networking
Networking
Networking
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Product Name
Asempra
Brocade
BusTech
Ciena
Cisco Systems
Ctera
Emulex
Qlogic
Arkivio
Business Continuity Manager
Clinical Repository - Karos
Clinical Repository - Visbion
Command Director
Compute Systems Manager
Data Discovery Suite for MS
SharePoint
Device Manager
Dual Active ID
Dynamic Replicator
e-Copy
Extension Pack for Secure FTP
IT Operations Analyzer Advance
IT Operations Integrator
IT Operations Repository
Microsoft Adapters
NanoCopy
Affected?
No
No
No
No
Version
FOS, NOS, BNA
See Cisco.com.
Advisory ID: cisco-sa-20140409heartbleed
No
No
No
No
No
No
No
Yes
No
No
More Information
v1, v2
680669
All
Patch Available April 14, 2014
No
No
No
No
No
Yes
No
No
No
No
No
No
61
L a s t
(Heartbleed)
Product Type
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Product Name
Oracle Adapters
Power Saving
Protection Manager
Replication Manager
Replication Monitor
SAP Adapters
Sepaton
Server Conductor
Seven10
SpectraLogic
Storage Adapter for Petrel
Storage Navigator Modular 2
Storage Optimization for MS
SharePoint
Storage Services Manager
Affected?
No
2 0 1 5
Version
More Information
No
No
No
No
No
No
No
No
No
Backup Services Manager (HBSM)

Storage Capacity Reporter (HSCR)
Storage Fabric Reporter (HSFR)
Virtual Server Reporter (HVSR)
File Analytics Reporter (HFAR)
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Software
Systems
Systems
Systems
Systems
Systems
Systems
StorFirst Apollo
Streaming Data Platform
Symantec Adapters
Tiered Storage Manager
Tiered Storage Manager for MF
Tuning Manager
TurboLUN
UCP Orchestration Software
Virtual Infrastructure Integrator
Virtual Tape Library Diligent
Virtual Tape Library FalconStor
VMware Adapters
Zone Allocation Manager
5700 Series
5800 Series
7000 Series
9200 Series
9500 V Series
9900 Series
No
No
No
No
Yes
No
No
No
No
2.x, 3.x
080667
No
No
No
No
No
No
62
L a s t
(Heartbleed)
Product Type
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Product Name
9900 V Series
Adaptable Modular Storage
(AMS)
Adaptable Modular Storage 2000
Compute Blade 2000
Compute Blade 500
Compute Blade 320
Compute Rack 210H/220H/220S
Compute Rack 220
Content Archive Platform
Content Platform Anywhere
(HCP-AW)
Data Discovery Suite for MS
SharePoint
Data Ingestor
High-performance NAS Platform
Hitachi Universal Storage VM
HUS File Module
HyperStor
Mercury
NAS 4000 Series
NAS Platform
NAS Platform F
Network Storage Controller
(NSC55)
Simple Modular Storage (SMS)
Titan
UCP for Microsoft Exchange
UCP for Microsoft SQL Server
UCP for Oracle Database
UCP Pro for VMware vSphere
UCP Select for Citrix XenDesktop
UCP Select for Microsoft Private
Cloud
UCP Select for SAP HANA
Affected?
No
2 0 1 5
Version
More Information
No
No
Yes
Yes
No
Yes
No
No
No
080852
080850
080854
No
No
No
No
No
No
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
Yes
No
No
No
Yes
11.1.3200.00 +
080654
11.1.3200.00 +
11.1.3200.00 +
11.1.3200.00 +
080654
080654
080654
080667
Scale-Out solutions use HNAS.
63
L a s t
(Heartbleed)
Product Type
Systems
UCP Select for VMware View
Yes
VMware 5.5
Systems
Systems
UCP Select for VMware vSphere

Unified Storage File Module (HUS
FM)
Unified Storage VM (HUS VM)
Universal Storage Platform V
(USP V)
Universal Storage Platform VM
(USP VM)
Hitachi Virtual Storage Platform
G1000 (VSP G1000)
Virtual Storage Platform (VSP)
Workgroup Modular Storage
WMS
Hi-Track Remote Monitoring
system
Remote Access Control Center
(RACC)
Yes
No
VMware 5.5
More Information
Please refer to HNAS product for
resolution. 080654
See VMware.com; No for
VMware 5.1
See VMware.com; No for
VMware 5.1
Yes
Yes
11.1.3200.00 +
OSS V03
080654
080650
OSS V01
OSS V06
080650
080650
Systems
Systems
Systems
Systems
Systems
Systems
Systems
Other
Other
Product Name
Affected?
2 0 1 5
Version
No
No
Yes
Yes
No
No
No
64

Cust Letter Shellshock Hitachi

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Cust Letter Shellshock Hitachi

Caricato da

Copyright:

Formati disponibili

L a s t

Hitachi Data Systems Product Affectivity

CVE-2015-1635 HTTP.sys Remote Code Execution Vulnerability: HTTP.sys in Microsoft Windows

April 22, 2015

March 30, 2015

CVE-2015-0204-FREAK: The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

December 22, 2014

CVE-2015-1635 HTTP.sys Remote Code Execution

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Clinical Repository Karos

Clinical Repository Visbion

Data Instance Manager

Data Protection Suite

Dynamic Link Manager

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Recommend customer patch OS

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Storage Fabric Reporter

Virtual Tape Library

Virtual Tape Library

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

File & Content

System does not contain

System does not contain

Content Platform (HCP)

File & Content

File & Content

Data Discovery Suite

Data Discovery Suite

File & Content

Data Ingestor and

If HFSM is installed in a windows

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

Essential NAS Platform

File & Content

HUS File Module

File & Content

NAS 3x00 (Titan)

File & Content

NAS 30x0 (Mercury)

File & Content

NAS 4000 Series

File & Content

System does not contain

UCP for Microsoft

UCP Select for

UCP Select for Oracle

UCP Pro (UCP 4000 /

System does not contain

Hitachi Data Systems | Security Vulnerabilities and Product Affectivity

(CVE-2015-1635) HTTP.sys Remote Code Execution Vulnerability

UCP Select for VMware

UCP Select for VMware

Unified Storage File

Unified Storage (HUS)

System does not contain

System does not use affected

System does not use affected