Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1671
Multiple vulnerabilities have been found in Hitachi Command
Suite and Hitachi Infrastructure Analytics Advisor.
13 May 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
Publisher: Hitachi
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-2698 CVE-2019-2697 CVE-2019-2684
CVE-2019-2602
Reference: ASB-2019.0118
ESB-2019.1654
ESB-2019.1495
ESB-2019.1446
Original Bulletin:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-110/index.html
- --------------------------BEGIN INCLUDED TEXT--------------------
Update: May 10, 2019
Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi
Infrastructure Analytics Advisor.
Security Information ID
hitachi-sec-2019-110
Vulnerability description
Multiple vulnerabilities have been found in Hitachi Command Suite and Hitachi
Infrastructure Analytics Advisor.
CVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698
Affected products and versions are listed below. Please upgrade your version to
the appropriate version, or apply the Workarounds.
Affected products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the affected product.
Version:
Platform
Gives the affected version.
Product name: Hitachi Device Manager
Version(s):
All versions
Product name: Hitachi Tiered Storage Manager
Version(s):
All versions
Product name: Hitachi Replication Manager
Version(s):
All versions
Product name: Hitachi Tuning Manager
Component name: Hitachi Tuning Manager server
Version(s):
All versions
Product name: Hitachi Tuning Manager
Component name: Hitachi Tuning Manager - Agent for RAID
Version(s):
8.0.0-00 or more
Product name: Hitachi Tuning Manager
Component name: Hitachi Tuning Manager - Agent for NAS
Version(s):
8.0.0-00 or more
Product name: Hitachi Tuning Manager
Component name: Hitachi Tuning Manager - Agent for SAN Switch
Version(s):
All versions
Product name: Hitachi Global Link Manager
Version(s):
All versions
Product name: Hitachi Compute Systems Manager
Version(s):
All versions
Product name: Hitachi Automation Director(English version)
Version(s):
All versions
Product name: Hitachi Automation Director(Japanese version)
Version(s):
All versions
Product name: Hitachi Infrastructure Analytics Advisor(*1)
Component name: Hitachi Infrastructure Analytics Advisor
Version(s):
All versions
Product name: Hitachi Infrastructure Analytics Advisor(*1)
Component name: Analytics probe server
Version(s):
All versions
*1
This product has been discontinued in Japan.
Fixed products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the fixed product.
Version:
Platform
Gives the fixed version, and release date.
Scheduled version:
Platform
Gives the fixed version scheduled to be released.
Product name: Hitachi Device Manager
Scheduled version(s):
Product name: Hitachi Tiered Storage Manager
Scheduled version(s):
Product name: Hitachi Replication Manager
Scheduled version(s):
Product name: Hitachi Tuning Manager
Scheduled version(s):
Product name: Hitachi Global Link Manager
Scheduled version(s):
Product name: Hitachi Compute Systems Manager
Scheduled version(s):
Product name: Hitachi Automation Director(English version)
Scheduled version(s):
Product name: Hitachi Automation Director(Japanese version)
Scheduled version(s):
Product name: Hitachi Infrastructure Analytics Advisor(*1)
Scheduled version(s):
For details on the fixed products, contact your Hitachi support service
representative.
Workarounds
None
If you have support agreement with Oracle Java, execute the following temporary
solution.
Changing the JDK used by Hitachi Command Suite products to the Oracle JDK(8u211
or later). For details about precondition and procedure, see Administrator
Guide and related documents.(*2)
*2
About Hitachi Infrastructure Analytics Advisor (including Analytics probe),
contact your Hitachi support service representative.
Revision history
May 10, 2019
This page is released.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXNlKN2aOgq3Tt24GAQgLkhAAmEduDfjZwYkyDGjN1NEWG628NV1s7B5H
riYpj6Ejpqygc4omzf12zpgwTfxBo67BAD/89BVD4uB+04U9Y1K0s6aYShPU/tE6
4PMNn7o3+5YJPvVO6fSipFnkW8vamHs2SAICljhFc5kJyuT/gOj8gXjmLdDxXH9X
ccj1+bCKT5kAWY/rdflpDSz+dXFIPEB9DXPeTnzOaVWiLbxw23WnspVTdq+rsVh3
ch3l2Kj50+DSPh035HJKnc5fzT1GO5YgKXz0djr962cAoqTECZ+CIN+HVCT1fwab
QRmO3fOTRPl7gz1MI/iCt4nHSsSlMfsEnXlWsuza+jLVEglKBtSqdC3NSsdI54K1
S+GalNEzTZfECHMZy0cqV3p3Ts0Y8pugmmsLblgjZkbUddfhwN/lbjLC7TCj/8mq
4npHOmOQP3/i1LwvY3NwfOW1STV509VLB+HqHo8MUzODuHIBieNYS3Zom/kKB2NG
uP65HxkDnnbsKhtIC8Za8nSvAayiUfOZ7nMzYktFzYRsRFBiHe7D4bIidxWNt12I
q5lQATr6Nl39aPRqiKIpv0GVU5cwfrlUJj8Jk7hyiNdZsjpkyL+oYN49vdq9ta9r
WiS536lAusnd1icDid3+kJ4oVzkQ/R1Oy7cvfgnfzQVb171aunnytpHvJ/ke9UGB
zO9gFjMsBiY=
=DevP
-----END PGP SIGNATURE-----