How Do I Resolve My Security or Vulnerability Question?
Content

Question

What Is the Fastest Way to Resolve My Security or Vulnerability Question?

Environment

  • All Hitachi products and solutions

Answer

  1. What's the fastest way to determine whether a given vulnerability affects my Hitachi Vantara product?

Visit the Hitachi Vantara Knowledge Base here: https://knowledge.hitachivantara.com/ and search for the CVE number (Important: You must have a Support Connect account. Register here if you have not already).

If a Hitachi Vantara KB article exists for that CVE number, it will usually be shown as the first result. See the article to determine if your product is vulnerable and/or if there are remediation steps available.

  1. What if no Hitachi Vantara KB article is found for that CVE number, or the article is found but no remediation steps are shown for my product?

Submit a support case through Support Connect and make sure to include the following information to vastly decrease resolution time:

  • CVE # (if available) CVE #'s are in this format: CVE-2017-0143
  • Hitachi Vantara Product(s) for which you are requesting vulnerability information
  1. Our vulnerability scanner (Qualys, Tenable/Nessus, etc) results showed an entry or entries seemingly related to my Hitachi Vantara product--what's the fastest way to resolve this?

First, ensure you're running an up-to-date version of the firmware for the product(s) in question. This alone could significantly change the scanning results. 

If the vulnerability remains after updating, submit a support case, and make sure to include the following information to vastly decrease resolution time:

  • Name and version of the security scanner used (e.g., Qualys, Tenable/Nessus, etc), 
  • Date/time the scan was conducted 
  • Scan result of concern
  • If available, Qualys ID or Nessus Plugin ID of the positive scan result of concern
  • If applicable, include the CVE#, Bugtraq ID, and/or CERT Vulnerability Number of the positive scan result of concern
  • If known, state whether your organization has actually been exploited by the vulnerability of concern
  • The Hitachi Vantara products involved in the scan, firmware/software version installed, the affected TCP and UDP ports, and affected IP addresses
  • After submitting the case and receiving your case #, ensure that the vulnerability scan results (Qualys, Nessus, etc.) are uploaded to TUF. Click here to upload your scan results. 
Attachments
CXone Metadata