Skip to content

Multiple Security Vulnerabilities in Apache Log4j Library

Updated  by hvuser
  • PDF
  • Print
  • Copy To Clipboard
  • Collapse All Expand All

Content

Priority: Moderate

Status: Monitoring

 

First Published: 2021 December 10
Last Updated: 2022 June 20

Advisory Version: 3.02

References: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832

 

Summary

Security vulnerabilities of varying severity in the Log4j Java-based logging library have been identified. Specifically, in versions of the Log4j2 tool beginning with v2.0-beta9, and prior to v2.17.1, vulnerabilities could allow an attacker to remotely execute code or cause denial of service.

The following four vulnerabilities have been announced:

CVE-2021-44228 (Critical - Affecting all Log4j2 versions prior to v2.15.0) - Disclosed on 9 December 2021
CVE-2021-45046 (Critical - Affecting all Log4j2 versions prior to v2.16.0) - Disclosed on 14 December 2021
CVE-2021-45105 (Moderate - Affecting all Log4j2 versions prior to v2.16.0) - Disclosed on 18 December 2021
CVE-2021-44832 (Moderate - Affecting all Log4j2 versions prior to v2.17.1) - Disclosed on 28 December 2021


Please refer to the following resources for additional information regarding these vulnerabilities:

Affected Products

For the latest information regarding potential impact to Hitachi Vantara Lumada and Pentaho products, please see here.

Vulnerable Products

Hitachi Vantara is currently investigating its product lines to determine if any are affected by these vulnerabilities. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding mitigations or fixed release versions (if such information is available at the time). Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below.

NOTE: Cited product documentation, including product-specific Alerts and Technical Bulletins, are available to Hitachi Vantara customers logged into Support Connect.

Product Notes / Fixed Release Version
Storage Systems
Hitachi Virtual Storage Platform VSP E990, VSP E790, VSP E590
(NOTE: These models are not affected if in an SVP-less configuration.)

Now 93-05-05-x0/00-M053 and 93-06-02-x0/00-M052 and 93-06-22-x0/00-M051 are available which replaces Log4j with Logback, and deletes the contents of all Log4j files, nullifying any future attack vector.

Target early June 2022, a microcode will be provided which removes the empty and nullified Log4j files entirely.

CVE-2021-44228 & CVE-2021-45046:

Contains version 2.8.2, utilized only by Storage Navigator and Export Tool 2

To mitigate affectivity, you can immediately perform the following workarounds:

1.       Stop services used by Storage Navigator when not in use (How to stop SVP services)

2.       Do not use Export Tool 2

Pending remediation availability, Service Processor (SVP) network access can temporarily be disabled. Please note that doing so will only affect remote administration of the storage array. Production availability and functionality of the array will not be affected.

Microcode versions 93-04-04-x0/00-M042 and 93-05-04-x0/00-M041 and 93-06-01-x0/00-M039 are available now with affected components removed.

CVE-2021-45105: Not affected
CVE-2021-44832: Not affected

Hitachi Virtual Storage Platform VSP F/G350, VSP F/G370, VSP F/G700, VSP F/G900
(NOTE: These models are not affected if in an SVP-less configuration.)

Now 88-08-05-x0/00-M104 is available which replaces Log4j with Logback, and deletes the contents of all Log4j files, nullifying any future attack vector.

Target early June 2022, a microcode will be provided which removes the empty and nullified Log4j files entirely.

CVE-2021-44228 & CVE-2021-45046:

Contains version 2.8.2, utilized only by Storage Navigator and Export Tool 2

To mitigate affectivity, you can immediately perform the following workarounds:

1.       Stop services used by Storage Navigator when not in use (How to stop SVP services)

2.       Do not use Export Tool 2

Pending remediation availability, Service Processor (SVP) network access can temporarily be disabled. Please note that doing so will only affect remote administration of the storage array. Production availability and functionality of the array will not be affected.

Microcode version 88-08-04-x0/00-M101 is available now with affected components removed.

CVE-2021-45105: Not affected
CVE-2021-44832: Not affected

Hitachi Virtual Storage Platform VSP G200, VSP F/G/N400, VSP F/G/N600, VSP F/G/N800

Now 83-05-44-x0/00-M181 and 83-06-16-x0/00-M182 are available which replaces Log4j with Logback, and deletes the contents of all Log4j files, nullifying any future attack vector.

Target early June 2022, a microcode will be provided which removes the empty and nullified Log4j files entirely.

CVE-2021-44228 & CVE-2021-45046:

Contains version 2.8.2, utilized only by Storage Navigator

To mitigate affectivity, you can immediately perform the following workaround:

1.       Stop services used by Storage Navigator when not in use (How to stop SVP services)

Pending remediation availability, Service Processor (SVP) network access can temporarily be disabled. Please note that doing so will only affect remote administration of the storage array. Production availability and functionality of the array will not be affected.

Microcode versions 83-05-43-x0/02-M176 and 83-06-15-x0/02-M177 are available now with affected components removed.

CVE-2021-45105: Not affected
CVE-2021-44832: Not affected

Content Products
Content Platform (versions 8.2 and higher)

CVE-2021-44228 & CVE-2021-45046

Technical Bulletin detailing latest mitigation steps can be found here

CVE-2021-45105: NOT affected

CVE-2021-44832:  Vulnerable

A 9.3.3 permanent fix release that updates the Log4j version to 2.17.1 is available for download.  This will address all 4 CVE's discussed in this article.

HCP for Cloud Scale

CVE-2021-44228 

Mitigation steps in the form of a Technical Bulletin are available here for those unable to upgrade.

A 2.3.2 maintenance release is now available for download. 

CVE-2021-45105 & CVE-2021-45046: NOT affected

CVE-2021-44832: Not affected

Content Platform Anywhere (version 4.3.0 and newer)

CVE-2021-44228 & CVE-2021-45046

Technical Bulletin describing the vulnerability & mitigation steps can be found here.

Permanent fix release version 4.5.2 is available for download.

HCP Anywhere version 4.2.x and earlier are not affected as these releases utilize versions of Log4j that are not affected as documented in Apache Log4j Security Vulnerabilities, under the section: Fixed in Log4j 2.15.0. 

Please note these details apply to Anywhere Edge as well. The same mitigations steps are applicable

CVE-2021-45105: NOT affected

CVE-2021-44832: NOT affected

Content Platform Gateway

CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105

The exposure is limited to when the management UI is running, and when the Restore application is executed.  These processes are using an older version of Log4j. 

Mitigation steps can be found here for Windows versions and here for Linux versions.

CVE-2021-44832: Vulnerable

4.2 release (date TBD) will address the UI and contain log4h 2.17.1.

Content Platform S Series (all models)

CVE-2021-44228 & CVE-2021-45046

All models vulnerable. Releases 2.x and 3.x vulnerable. 

A fixed release 3.1.3 (S11 & S31 models) that contains the log4j version 2.16 is available for download.

A fixed release 2.2.3 (S10 & S30 models) that contains the 2.17.1 Log4j version is available for download.

Hotfix updates (containing the log4j version 2.16 update) for each of the in-use releases (2.1.9.8, 2.1.10.3, 2.2.0.x, 2.2.1.4, 2.2.2.5 and 3.1.1.x) are available for download. Releases 2.1.8 and earlier should upgrade to 2.1.9.8 and apply hotfix to address log4j vulnerabilities.

See Alert A2021122101 for details on applying the 2.2.x and 3.1.x hotfix.  See Alert A2021122102 for details on applying the 2.1.x hotfix.

CVE-2021-45105: NOT affected

CVE-2021-44832: NOT affected

Content Intelligence

CVE-2021-44228 & CVE-2021-45046

Technical Bulletin describing the vulnerability & mitigation steps can be found here.

CVE-2021-45105: NOT affected

CVE-2021-44832: NOT affected

Hitachi Unified Compute Platform (UCP)

UCP HC / CI / RS

UCP 4000*
* UCP Director itself is not affected

Hitachi UCP solutions that use VMware vCenter Server are vulnerable to CVE-2021-44228 and CVE-2021-45046. We strongly urge customers with these solutions to refer to the official security advisory from VMware, VMSA-2021-0028.1, to assess their risk for vulnerability and, if applicable and when available, implement VMware's specified remediation.

Brocade Products
Brocade SANnav v2.1.1, v2.1.0, v2.0.0

Please refer to BSA-2021-1651 for the latest information from Brocade regarding mitigation steps for affected versions of SANnav.

Cisco Products
Cisco Data Center Network Manager (DCNM) Please refer to Cisco's official Security Advisory for CVE-2021-44228 for the latest information from Cisco regarding their investigation into impact to DCNM.
Software Products
Hitachi Ops Center
Administrator

Version 10.8.0-04 of Administrator is now available for download on Support Connect, for registered Hitachi Vantara customers. This version mitigates CVE-2021-44228.

* Administrator is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832.

Hitachi Ops Center
Automator
Version 10.8.0-04 of Automator is now available for download on Support Connect, for registered Hitachi Vantara customers. This version mitigates CVE-2021-44228.

* Automator is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832.
Hitachi Ops Center
Analyzer (Detail View), Analyzer (Probe)
Version 10.8.0-04 of Analyzer is now available for download on Support Connect, for registered Hitachi Vantara customers. This version mitigates CVE-2021-44228.

*
Analyzer (Detail View) and Analyzer (Probe) are not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832.
Hitachi Device Manager (HDvM)
Host Data Collector 8.7.0-02 or later

HDvM Agent and HDvM Server are not affected.
Remediation available for CVE-2021-44228
Please see Alert A2021121403 for more information.

* HDvM (Host Data Collector) is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832.

* HDvM 8.8.1, and all other applications/components in the HCS 8.8.1 suite, are not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832.
Hitachi Infrastructure Analytics Advisor (HIAA) Remediation available for CVE-2021-44228
Please see Alert A2021121403 for more information.

*HIAA is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832.
Export Tool 2 (Monitor 2) Remediation is now included in associated storage microcode updates.
Adapter Products
Hitachi Storage Plugin for VMware vCenter

Remediation for CVE-2021-44228 included in v04.7.1, now available on Support Connect for registered Hitachi Vantara customers
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected

Products Confirmed Not Vulnerable

* As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk, as additional information pertaining to CVE-2021-44228 and CVE-2021-45046 is released.

Product Notes
Storage Systems
Hitachi Virtual Storage Platform VSP 5100,  VSP 5100H,  VSP 5500, VSP 5500H
(VSP 5x00) RAID 900

· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

Though Log4j components are present on the RAID 900 Service Processor (SVP), they are inert and not used by any system processes. Target early March 2022, a microcode will be provided which removes all Log4j files entirely.

Hitachi Virtual Storage Platform VSP 5200,  VSP 5200H,  VSP 5600, VSP 5600H
(VSP 5x00) RAID 900

· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

Though Log4j components are present on the RAID 900 Service Processor (SVP), they are inert and not used by any system processes. Target early March 2022, a microcode will be provided which removes all Log4j files entirely.

Hitachi Virtual Storage Platform G1000, F/G1500
(VSP F/G1x00) RAID 800
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Virtual Storage Platform (VSP) RAID 700 · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Unified Storage VM (HUS VM) HM700 · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Adaptable Modular Storage DF800S, DF800M, DF800H (AMS 2x00) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Unified Storage DF850XS, DF850S, DF850MH (HUS 1x0) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Network Attached Storage
HNAS 5000 Series · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
HNAS 4000 Series · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
HNAS 30x0 Series · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

Virtual Storage Platform Gx00/Fx00 NAS Modules
 
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Virtual Storage Platform Nx00 NAS Modules · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
SMU · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Disaster Recovery Solution (HDRS) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Compute Products
Hitachi Advanced Server DS120, DS220, DS225, DS240 · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Server for Solutions, Multi-Node T41S · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Server for Solutions, Single-Node D51B-2U · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Compute Rack CR 210H, CR 220, CR 220H/S · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi 520H/X Blade (all versions) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi 540A Blade (all versions) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

Hitachi Compute Blade CB500, CB2000, CB2500
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Advanced Server DS7000 Series · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Content Products
Hitachi Data Ingestor (HDI/HFSM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

HDI/HFSM is not affected because the vulnerable code for the Log4Shell vulnerability is not present in the product.
Hitachi File Services Manager (HFSM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

HFSM is not affected because the vulnerable code for the Log4Shell vulnerability is not present in the product.
Content Platform (versions 8.1 and lower)

· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

In HCP v8.1 and lower, Struts 2.3.x is used, which does not use Log4j.

Content Platform Anywhere (versions 4.2.x and older) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

HCP Anywhere version 4.2.x and earlier are not affected as these releases utilize versions of Log4j that are not affected as documented at Apache Log4j Security Vulnerabilities under the section: Fixed in Log4j 2.15.0
Hitachi Content Software for File (HCSF) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

Apache Log4j is not part of the HCSF solution.
Data Protector

· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

This product is written in C++ and has no JAVA components, so we have not been affected by the log4j issues

Brocade Products
Brocade Fibre Channel Switches Brocade Fibre Channel switches running Fabric OS versions 7.4.x, 8.x, and 9.x are not affected.

* Please continue to refer to the Brocade Security Advisories site for the latest information regarding these vulnerabilities as it impacts their products.
Brocade SANnav v2.2.0 * Please see above.
Brocade Network Advisor * Please see above.
Cisco Products
Cisco MDS 9000 Series Multilayer Switches · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

* Please continue to refer to Cisco's official Security Advisory for CVE-2021-44228 for the latest information from Cisco regarding this vulnerability as it impacts their products.
Cisco 3000, 5000, 6000, 7000, and 9000 Nexus Series Switches · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

* Please see above.
Pulse Secure Products
Pulse Secure vADC
(vTM, Services Director, vWAF)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

Please refer to Pulse Secure KB44933 for additional information.
Software Products

 

Hitachi Remote Ops (HRO)
 
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Remote Access Control Center (RACC) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Tiered Storage Manager (HTSM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Tuning Manager (HTnM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Replication Manager (HRpM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Global Link Manager (HGLM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Dynamic Link Manager (HDLM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Compute Systems Manager (HCSM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Ops Center
Common Services (HOC)

· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
· CVE-2021-4104: Not affected

  (HOC contains Log4j 1.2, however HOC is not affected due to:
 i) The access right for the Configuration parts in Log4j is limited
 ii) JMSAppender is disabled)

Hitachi Ops Center
Configuration Manager REST API (HCM)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Ops Center
Protector
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
UCP Advisor

· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected

UCP Director · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
CCI / RAID Manager · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Export Tool (Monitor) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Business Continuity Manager (BCM) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Storage Navigator Modular 2 (SNM2) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Adapter Products
Hitachi Storage Connector for VMware vRealize Orchestrator
(vRO)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Storage Content Pack for VMware vRealize Log Insight
(vRLI)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Ops Center Protector Adapter for VMware Site Recovery Manager
(Protector SRA)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Ops Center Protector Connector for VMware vRealize Orchestrator
(Protector vRO)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi (VASA) Provider for VMware vCenter · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Storage Adapter for VMware Site Recovery Manager
(VSP SRA)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Storage Replication Adapter for VMware Site Recovery Manager
(VSP SRA)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Infrastructure Management Pack for VMware vRealize Operations
(vROPS)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Infrastructure Adapter for Microsoft Windows Powershell · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Veeam Plugin for VSP Storage · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Storage Plugin for Prometheus
(HSPP)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Storage Plugin for Containers
(HSPC)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Replication Plugin for Containers
(HRPC)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Block Storage Driver
(HBSD / OpenStack)
· CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Adapters (Bundle) for Oracle Database · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Storage Adapter for SAP HANA DBA Cockpit · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
Hitachi Storage Modules for Red Hat Ansible · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
HashiCorp Terraform Provider for Hitachi Storage · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected
· CVE-2021-44832: Not affected
Hitachi Smart Spaces and Video Intelligence Products
Hitachi Visualization Suite (HVS) · CVE-2021-44228: Not affected
· CVE-2021-45046: Not affected
· CVE-2021-45105: Not affected


At the time of this advisory's publication, only products listed in the Vulnerable Products section above are confirmed to be affected by this vulnerability.

 

Recommended Actions

Please continue to check this Security Advisory, as new information will be added to it as it becomes available.

 

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.

Attachments

Attachment: 7374_20240807163202_240417100189796.url

CXone Metadata

CVE-2021-44228; CVE-2021-44832; CVE-2021-45046; CVE-2021-45105; Log4j; Log4Shell