Vulnerability in Older Versions of Hitachi Storage Plug-in for VMware vCenter
Priority: ● High
Status: Resolved
First Published: 2024 February 5
Advisory Version: 1.0
References: CVE-2024-21840
Summary
A vulnerability exists in older versions of Hitachi Storage Plug-in for VMware vCenter (SVMC) where default permissions are set incorrectly, potentially allowing local users to read and write specific files.
This vulnerability affects versions 04.0.0 through 04.9.2 of Hitachi Storage Plug-in for VMware vCenter.
It is fixed in version 04.10.0 of SVMC (currently available) and above.
Affected Products
Hitachi Storage Plug-in for VMware vCenter (SVMC) versions 04.0.0 through 04.9.2
Vulnerable Products
Hitachi Vantara is currently investigating its product lines to determine if any are affected by this vulnerability. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding fixed release versions (if such information is available at the time.) Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below.
NOTE: Cited product documentation, including product-specific Alerts and Technical Bulletins, are available to Hitachi Vantara customers logged into Support Connect.
Product | Notes |
Software Products |
Recommended Actions
To eliminate this vulnerability, please upgrade to Hitachi Storage Plug-in for VMware vCenter version 04.10.0 or higher.
If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.
The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.