Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center.
Vulnerability description
Multiple vulnerabilities have been found in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center.
CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803(*1)
Affected products and versions are listed below. Please upgrade your version to the appropriate version, or apply the Workarounds.
The product name in Hitachi Command Suite is changed in Hitachi Ops Center series on some products. To find fixed products, need to find same number following product name in [Affected products] and [Fixed products].
Affected products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the affected product.
Version:
- Platform
- Gives the affected version.
- Hitachi Command Suite
Product name: Hitachi Device Manager ---(1)
Component name: Device Manager Server
Version(s):
less than 8.7.7-01
Product name: Hitachi Device Manager ---(1)
Component name: Device Manager Agent
Version(s):
less than 8.7.7-01
Product name: Hitachi Device Manager ---(1)
Component name: Host Data Collector
Version(s):
less than 8.7.7-01
Product name: Hitachi Tiered Storage Manager ---(2)
Version(s):
less than 8.7.7-01
Product name: Hitachi Replication Manager ---(3)
Version(s):
less than 8.7.7-01
Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager server
Version(s):
less than 8.7.7-01
Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager - Agent for RAID
Version(s):
8.0.0-00 or more and less than 8.7.7-01
Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager - Agent for NAS
Version(s):
8.0.0-00 or more and less than 8.7.7-01
Product name: Hitachi Tuning Manager ---(4)
Component name: Hitachi Tuning Manager - Agent for SAN Switch
Version(s):
less than 8.7.7-01
Product name: Hitachi Dynamic Link Manager ---(5)
Version(s):
- Linux
- less than 8.7.8-00
- Windows, VMware
- less than 8.7.6-02
Product name: Hitachi Global Link Manager ---(6)
Version(s):
less than 8.7.6-02
Product name: Hitachi Compute Systems Manager ---(7)
Version(s):
less than 8.7.7-01
Product name: Hitachi Automation Director ---(8)
Version(s):
less than 10.5.1-00
Product name: Hitachi Configuration Manager ---(9)
Version(s):
less than 10.6.0-00
Product name: Hitachi Infrastructure Analytics Advisor ---(10)
Component name: Hitachi Infrastructure Analytics Advisor
Version(s):
less than 10.6.0-00
Product name: Hitachi Infrastructure Analytics Advisor ---(10)
Component name: Analytics probe server
Version(s):
less than 10.6.0-00
- Hitachi Ops Center
Product name: Hitachi Ops Center Automator ---(8)
Version(s):
less than 10.6.1-00
Product name: Hitachi Ops Center API Configuration Manager ---(9)
Version(s):
less than 10.6.0-00
Product name: Hitachi Ops Center Analyzer ---(10)
Version(s):
less than 10.6.0-00
Product name: Hitachi Ops Center Analyzer viewpoint ---(11)
Version(s):
less than 10.5.1-00
Product name: Hitachi Ops Center Common Services ---(12)
Version(s):
less than 10.5.1-00
- *1
-
Please refer to the following information about CVE-2020-14803.
Fixed products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the fixed product.
Version:
- Platform
- Gives the fixed version, and release date.
Scheduled version:
- Platform
- Gives the fixed version scheduled to be released.
- Hitachi Command Suite
Product name: Hitachi Device Manager(*2)(*3)(*4) ---(1)
Version(s):
- Windows, Linux(*5)
- 8.7.7-01 February 15, 2021
Product name: Hitachi Tiered Storage Manager ---(2)
Version(s):
- Windows, Linux(*5)
- 8.7.7-01 February 15, 2021
Product name: Hitachi Replication Manager ---(3)
Version(s):
- Windows, Linux(*5)
- 8.7.7-01 February 15, 2021
Product name: Hitachi Tuning Manager(*6) ---(4)
Version(s):
- Windows, Linux(*5)
- 8.7.7-01 February 15, 2021
Product name: Hitachi Dynamic Link Manager(*7) ---(5)
Version(s):
- Linux
- 8.7.8-00 February 15, 2021
- Windows, VMware
- 8.7.6-02 February 15, 2021
Product name: Hitachi Global Link Manager ---(6)
Version(s):
- Windows
- 8.7.6-02 February 15, 2021
Product name: Hitachi Compute Systems Manager ---(7)
Version(s):
- Windows, Linux
- 8.7.7-01 February 15, 2021
Product name: Hitachi Automation Director ---(8)
Version(s):
- Windows, Linux
- 10.5.1-00 February 15, 2021
Product name: Hitachi Configuration Manager ---(9)
Version(s):
- Windows, Linux
- 10.6.0-00 February 15, 2021
- Hitachi Ops Center
Product name: Hitachi Ops Center Automator ---(8)
Version(s):
- Windows, Linux
- 10.6.1-00 May 17, 2021
Product name: Hitachi Ops Center API Configuration Manager ---(9)
Version(s):
- Windows, Linux
- 10.6.0-00 February 15, 2021
Product name: Hitachi Ops Center Analyzer(*8) ---(10)
Version(s):
- Windows, Linux
- 10.6.0-00 February 15, 2021
Product name: Hitachi Ops Center Analyzer viewpoint ---(11)
Version(s):
- Linux
- 10.5.1-00 February 15, 2021
Product name: Hitachi Ops Center Common Services ---(12)
Version(s):
- Linux
- 10.5.1-00 February 15, 2021
- *2
- Device Manager agent must also be upgraded.
- *3
- The vulnerabilities of Device Manager agent that runs on the following operating systems can only be corrected by upgrading the JDK used by the Device Manager agent to Oracle JDK version 8u271 or later.
- Red Hat Enterprise Linux 5.x
- Red Hat Enterprise Linux 6.x
- SUSE Linux Enterprise Server 11
- Oracle Unbreakable Enterprise Kernel 6.x
- *4
- If Host Data Collector is installed in a different server to which installed Hitachi Device Manager, the Host Data Collector must also be upgraded.
- *5
- Solaris is no longer supported. Use the fixed version for Windows or Linux.
- *6
- Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS and Hitachi Tuning Manager - Agent for SAN Switch must also be upgraded.
- *7
- The vulnerabilities of Hitachi Dynamic Link Manager that runs on the following operating systems can only be corrected by upgrading the Java(TM) used by the Hitachi Command Suite Common Agent to Oracle JDK/JRE version 8u271 or later.
- Red Hat Enterprise Linux 5.x
- Red Hat Enterprise Linux 6.x
- SUSE Linux Enterprise Server 11
- Oracle Linux 5.x
- Oracle Linux 6.x
- Oracle Unbreakable Enterprise Kernel 5.x
- Oracle Unbreakable Enterprise Kernel 6.x
- *8
- Analyzer probe server and API Configuration Manager must also be upgraded.
For details on the fixed products, contact your Hitachi support service representative.