Priority: ● Moderate Status: Monitoring First Published: 2021 December 10 Last Updated: 2022 June 20 Advisory Version: 3.02 References: CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832 Summary Security vulnerabilities of varying severity in the Log4j Java-based logging library have been identified. Specifically, in versions of the Log4j2 tool beginning with v2.0-beta9, and prior to v2.17.1, vulnerabilities could allow an attacker to remotely execute code or cause denial of service. The following four vulnerabilities have been announced: CVE-2021-44228 (Critical - Affecting all Log4j2 versions prior to v2.15.0) - Disclosed on 9 December 2021 CVE-2021-45046 (Critical - Affecting all Log4j2 versions prior to v2.16.0) - Disclosed on 14 December 2021 CVE-2021-45105 (Moderate - Affecting all Log4j2 versions prior to v2.16.0) - Disclosed on 18 December 2021 CVE-2021-44832 (Moderate - Affecting all Log4j2 versions prior to v2.17.1) - Disclosed on 28 December 2021 Please refer to the following resources for additional information regarding these vulnerabilities: Affected Products For the latest information regarding potential impact to Hitachi Vantara Lumada and Pentaho products, please see here. Vulnerable Products Hitachi Vantara is currently investigating its product lines to determine if any are affected by these vulnerabilities. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding mitigations or fixed release versions (if such information is available at the time). Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below. NOTE: Cited product documentation, including product-specific Alerts and Technical Bulletins, are available to Hitachi Vantara customers logged into Support Connect. Product | Notes / Fixed Release Version | Hitachi Virtual Storage Platform VSP E990, VSP E790, VSP E590 (NOTE: These models are not affected if in an SVP-less configuration.) | Now 93-05-05-x0/00-M053 and 93-06-02-x0/00-M052 and 93-06-22-x0/00-M051 are available which replaces Log4j with Logback, and deletes the contents of all Log4j files, nullifying any future attack vector. Target early June 2022, a microcode will be provided which removes the empty and nullified Log4j files entirely. CVE-2021-44228 & CVE-2021-45046: Contains version 2.8.2, utilized only by Storage Navigator and Export Tool 2 To mitigate affectivity, you can immediately perform the following workarounds: 1. Stop services used by Storage Navigator when not in use (How to stop SVP services) 2. Do not use Export Tool 2 Pending remediation availability, Service Processor (SVP) network access can temporarily be disabled. Please note that doing so will only affect remote administration of the storage array. Production availability and functionality of the array will not be affected. Microcode versions 93-04-04-x0/00-M042 and 93-05-04-x0/00-M041 and 93-06-01-x0/00-M039 are available now with affected components removed. CVE-2021-45105: Not affected CVE-2021-44832: Not affected | Hitachi Virtual Storage Platform VSP F/G350, VSP F/G370, VSP F/G700, VSP F/G900 (NOTE: These models are not affected if in an SVP-less configuration.) | Now 88-08-05-x0/00-M104 is available which replaces Log4j with Logback, and deletes the contents of all Log4j files, nullifying any future attack vector. Target early June 2022, a microcode will be provided which removes the empty and nullified Log4j files entirely. CVE-2021-44228 & CVE-2021-45046: Contains version 2.8.2, utilized only by Storage Navigator and Export Tool 2 To mitigate affectivity, you can immediately perform the following workarounds: 1. Stop services used by Storage Navigator when not in use (How to stop SVP services) 2. Do not use Export Tool 2 Pending remediation availability, Service Processor (SVP) network access can temporarily be disabled. Please note that doing so will only affect remote administration of the storage array. Production availability and functionality of the array will not be affected. Microcode version 88-08-04-x0/00-M101 is available now with affected components removed. CVE-2021-45105: Not affected CVE-2021-44832: Not affected | Hitachi Virtual Storage Platform VSP G200, VSP F/G/N400, VSP F/G/N600, VSP F/G/N800 | Now 83-05-44-x0/00-M181 and 83-06-16-x0/00-M182 are available which replaces Log4j with Logback, and deletes the contents of all Log4j files, nullifying any future attack vector. Target early June 2022, a microcode will be provided which removes the empty and nullified Log4j files entirely. CVE-2021-44228 & CVE-2021-45046: Contains version 2.8.2, utilized only by Storage Navigator To mitigate affectivity, you can immediately perform the following workaround: 1. Stop services used by Storage Navigator when not in use (How to stop SVP services) Pending remediation availability, Service Processor (SVP) network access can temporarily be disabled. Please note that doing so will only affect remote administration of the storage array. Production availability and functionality of the array will not be affected. Microcode versions 83-05-43-x0/02-M176 and 83-06-15-x0/02-M177 are available now with affected components removed. CVE-2021-45105: Not affected CVE-2021-44832: Not affected | Content Platform (versions 8.2 and higher) | CVE-2021-44228 & CVE-2021-45046 Technical Bulletin detailing latest mitigation steps can be found here. CVE-2021-45105: NOT affected CVE-2021-44832: Vulnerable A 9.3.3 permanent fix release that updates the Log4j version to 2.17.1 is available for download. This will address all 4 CVE's discussed in this article. | HCP for Cloud Scale | CVE-2021-44228 Mitigation steps in the form of a Technical Bulletin are available here for those unable to upgrade. A 2.3.2 maintenance release is now available for download. CVE-2021-45105 & CVE-2021-45046: NOT affected CVE-2021-44832: Not affected | Content Platform Anywhere (version 4.3.0 and newer) | CVE-2021-44228 & CVE-2021-45046 Technical Bulletin describing the vulnerability & mitigation steps can be found here. Permanent fix release version 4.5.2 is available for download. HCP Anywhere version 4.2.x and earlier are not affected as these releases utilize versions of Log4j that are not affected as documented in Apache Log4j Security Vulnerabilities, under the section: Fixed in Log4j 2.15.0. Please note these details apply to Anywhere Edge as well. The same mitigations steps are applicable CVE-2021-45105: NOT affected CVE-2021-44832: NOT affected | Content Platform Gateway | CVE-2021-44228, CVE-2021-45046 & CVE-2021-45105 The exposure is limited to when the management UI is running, and when the Restore application is executed. These processes are using an older version of Log4j. Mitigation steps can be found here for Windows versions and here for Linux versions. CVE-2021-44832: Vulnerable 4.2 release (date TBD) will address the UI and contain log4h 2.17.1. | Content Platform S Series (all models) | CVE-2021-44228 & CVE-2021-45046 All models vulnerable. Releases 2.x and 3.x vulnerable. A fixed release 3.1.3 (S11 & S31 models) that contains the log4j version 2.16 is available for download. A fixed release 2.2.3 (S10 & S30 models) that contains the 2.17.1 Log4j version is available for download. Hotfix updates (containing the log4j version 2.16 update) for each of the in-use releases (2.1.9.8, 2.1.10.3, 2.2.0.x, 2.2.1.4, 2.2.2.5 and 3.1.1.x) are available for download. Releases 2.1.8 and earlier should upgrade to 2.1.9.8 and apply hotfix to address log4j vulnerabilities. See Alert A2021122101 for details on applying the 2.2.x and 3.1.x hotfix. See Alert A2021122102 for details on applying the 2.1.x hotfix. CVE-2021-45105: NOT affected CVE-2021-44832: NOT affected | Content Intelligence | CVE-2021-44228 & CVE-2021-45046 Technical Bulletin describing the vulnerability & mitigation steps can be found here. CVE-2021-45105: NOT affected CVE-2021-44832: NOT affected | Hitachi Unified Compute Platform (UCP) | UCP HC / CI / RS UCP 4000* * UCP Director itself is not affected | Hitachi UCP solutions that use VMware vCenter Server are vulnerable to CVE-2021-44228 and CVE-2021-45046. We strongly urge customers with these solutions to refer to the official security advisory from VMware, VMSA-2021-0028.1, to assess their risk for vulnerability and, if applicable and when available, implement VMware's specified remediation. | Brocade SANnav v2.1.1, v2.1.0, v2.0.0 | Please refer to BSA-2021-1651 for the latest information from Brocade regarding mitigation steps for affected versions of SANnav. | Cisco Data Center Network Manager (DCNM) | Please refer to Cisco's official Security Advisory for CVE-2021-44228 for the latest information from Cisco regarding their investigation into impact to DCNM. | Hitachi Ops Center Administrator | Version 10.8.0-04 of Administrator is now available for download on Support Connect, for registered Hitachi Vantara customers. This version mitigates CVE-2021-44228.
* Administrator is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832. | Hitachi Ops Center Automator | Version 10.8.0-04 of Automator is now available for download on Support Connect, for registered Hitachi Vantara customers. This version mitigates CVE-2021-44228.
* Automator is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832. | Hitachi Ops Center Analyzer (Detail View), Analyzer (Probe) | Version 10.8.0-04 of Analyzer is now available for download on Support Connect, for registered Hitachi Vantara customers. This version mitigates CVE-2021-44228.
* Analyzer (Detail View) and Analyzer (Probe) are not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832. | Hitachi Device Manager (HDvM) Host Data Collector 8.7.0-02 or later
* HDvM Agent and HDvM Server are not affected. | Remediation available for CVE-2021-44228 Please see Alert A2021121403 for more information.
* HDvM (Host Data Collector) is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832.
* HDvM 8.8.1, and all other applications/components in the HCS 8.8.1 suite, are not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832. | Hitachi Infrastructure Analytics Advisor (HIAA) | Remediation available for CVE-2021-44228 Please see Alert A2021121403 for more information.
*HIAA is not affected by CVE-2021-45406, CVE-2021-45105, or CVE-2021-44832. | Export Tool 2 (Monitor 2) | Remediation is now included in associated storage microcode updates. | Hitachi Storage Plugin for VMware vCenter | Remediation for CVE-2021-44228 included in v04.7.1, now available on Support Connect for registered Hitachi Vantara customers · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Products Confirmed Not Vulnerable * As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk, as additional information pertaining to CVE-2021-44228 and CVE-2021-45046 is released. Hitachi Virtual Storage Platform VSP 5100, VSP 5100H, VSP 5500, VSP 5500H (VSP 5x00) RAID 900 | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected Though Log4j components are present on the RAID 900 Service Processor (SVP), they are inert and not used by any system processes. Target early March 2022, a microcode will be provided which removes all Log4j files entirely. | Hitachi Virtual Storage Platform VSP 5200, VSP 5200H, VSP 5600, VSP 5600H (VSP 5x00) RAID 900 | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected Though Log4j components are present on the RAID 900 Service Processor (SVP), they are inert and not used by any system processes. Target early March 2022, a microcode will be provided which removes all Log4j files entirely. | Hitachi Virtual Storage Platform G1000, F/G1500 (VSP F/G1x00) RAID 800 | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Virtual Storage Platform (VSP) RAID 700 | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Unified Storage VM (HUS VM) HM700 | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Adaptable Modular Storage DF800S, DF800M, DF800H (AMS 2x00) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Unified Storage DF850XS, DF850S, DF850MH (HUS 1x0) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | HNAS 5000 Series | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | HNAS 4000 Series | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | HNAS 30x0 Series | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Virtual Storage Platform Gx00/Fx00 NAS Modules | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Virtual Storage Platform Nx00 NAS Modules | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | SMU | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Disaster Recovery Solution (HDRS) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Advanced Server DS120, DS220, DS225, DS240 | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Server for Solutions, Multi-Node T41S | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Server for Solutions, Single-Node D51B-2U | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Compute Rack CR 210H, CR 220, CR 220H/S | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi 520H/X Blade (all versions) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi 540A Blade (all versions) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Compute Blade CB500, CB2000, CB2500 | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Advanced Server DS7000 Series | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Data Ingestor (HDI/HFSM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
HDI/HFSM is not affected because the vulnerable code for the Log4Shell vulnerability is not present in the product. | Hitachi File Services Manager (HFSM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
HFSM is not affected because the vulnerable code for the Log4Shell vulnerability is not present in the product. | Content Platform (versions 8.1 and lower) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
In HCP v8.1 and lower, Struts 2.3.x is used, which does not use Log4j. | Content Platform Anywhere (versions 4.2.x and older) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
HCP Anywhere version 4.2.x and earlier are not affected as these releases utilize versions of Log4j that are not affected as documented at Apache Log4j Security Vulnerabilities under the section: Fixed in Log4j 2.15.0 | Hitachi Content Software for File (HCSF) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
Apache Log4j is not part of the HCSF solution. | Data Protector | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected This product is written in C++ and has no JAVA components, so we have not been affected by the log4j issues | Brocade Fibre Channel Switches | Brocade Fibre Channel switches running Fabric OS versions 7.4.x, 8.x, and 9.x are not affected.
* Please continue to refer to the Brocade Security Advisories site for the latest information regarding these vulnerabilities as it impacts their products. | Brocade SANnav v2.2.0 | * Please see above. | Brocade Network Advisor | * Please see above. | Cisco MDS 9000 Series Multilayer Switches | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
* Please continue to refer to Cisco's official Security Advisory for CVE-2021-44228 for the latest information from Cisco regarding this vulnerability as it impacts their products. | Cisco 3000, 5000, 6000, 7000, and 9000 Nexus Series Switches | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
* Please see above. | Pulse Secure vADC (vTM, Services Director, vWAF) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected
Please refer to Pulse Secure KB44933 for additional information. | Hitachi Remote Ops (HRO) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Remote Access Control Center (RACC) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Tiered Storage Manager (HTSM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Tuning Manager (HTnM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Replication Manager (HRpM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Global Link Manager (HGLM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Dynamic Link Manager (HDLM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Compute Systems Manager (HCSM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Ops Center Common Services (HOC) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected · CVE-2021-4104: Not affected (HOC contains Log4j 1.2, however HOC is not affected due to: i) The access right for the Configuration parts in Log4j is limited ii) JMSAppender is disabled) | Hitachi Ops Center Configuration Manager REST API (HCM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Ops Center Protector | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | UCP Advisor | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | UCP Director | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | CCI / RAID Manager | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Export Tool (Monitor) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Business Continuity Manager (BCM) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Storage Navigator Modular 2 (SNM2) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Storage Connector for VMware vRealize Orchestrator (vRO) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Storage Content Pack for VMware vRealize Log Insight (vRLI) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Ops Center Protector Adapter for VMware Site Recovery Manager (Protector SRA) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Ops Center Protector Connector for VMware vRealize Orchestrator (Protector vRO) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi (VASA) Provider for VMware vCenter | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Storage Adapter for VMware Site Recovery Manager (VSP SRA) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Storage Replication Adapter for VMware Site Recovery Manager (VSP SRA) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Infrastructure Management Pack for VMware vRealize Operations (vROPS) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Infrastructure Adapter for Microsoft Windows Powershell | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Veeam Plugin for VSP Storage | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Storage Plugin for Prometheus (HSPP) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Storage Plugin for Containers (HSPC) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Replication Plugin for Containers (HRPC) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Block Storage Driver (HBSD / OpenStack) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Adapters (Bundle) for Oracle Database | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Storage Adapter for SAP HANA DBA Cockpit | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | Hitachi Storage Modules for Red Hat Ansible | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | HashiCorp Terraform Provider for Hitachi Storage | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected · CVE-2021-44832: Not affected | Hitachi Smart Spaces and Video Intelligence Products | Hitachi Visualization Suite (HVS) | · CVE-2021-44228: Not affected · CVE-2021-45046: Not affected · CVE-2021-45105: Not affected | At the time of this advisory's publication, only products listed in the Vulnerable Products section above are confirmed to be affected by this vulnerability. Recommended Actions Please continue to check this Security Advisory, as new information will be added to it as it becomes available. If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider. The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties. |