Hitachi Vantara Security Advisories - Index Page

Content

Security Advisories

Advisories are listed in chronological order, with the most recently published on top.

Advisory Title CVE References
OpenSSH RCE Vulnerability: "regreSSHion" CVE-2024-6387
Cisco NX-OS CLI Vulnerability CVE-2024-20399
Specific PHP Versions Vulnerability May Allow Malicious User Execution CVE-2024-4577
Apache HTTP Server 2.4 Vulnerabilities CVE-2024-24795, CVE-2024-27316, CVE-2023-38709
xz-utils Backdoor CVE-2024-3094
Terrapin Attack CVE-2023-48795
Vulnerability in Older Versions of Hitachi Storage Plug-in for VMware vCenter CVE-2024-21840
Apache Struts Remote Code Execution Vulnerability CVE-2023-50164
PostgreSQL Vulnerabilities CVE-2018-1058, CVE-2019-9193, CVE-2020-1720, CVE-2020-14350, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696, CVE-2021-3393, CVE-2021-20229, CVE-2021-32027
OpenSSH Versions Prior to 9.3p2 Are Susceptible to a Vulnerability That May Lead to a DoS Attack CVE-2023-38408
OpenSSL Security Vulnerabilities CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-0778, CVE-2021-3712, CVE-2021-3711
Apache Tomcat Incomplete Cleanup Vulnerability CVE-2023-42794
Apache ActiveMQ Remote Code Execution Vulnerability CVE-2023-46604
Hitachi Vantara Ops Center Analyzer Viewpoint Open SSL Vulnerability (CVE-2023-5363) CVE-2023-5363
Curl and Libcurl Vulnerabilities CVE-2023-38545, CVE-2023-38546
Heap Buffer Overflow Vulnerabilities in Libwebp and Libvpx CVE-2023-4863, CVE-2023-5217
A NETBIOS_SMB Share Password is the Default or Null or Missing CVE-1999-0519
SSL_Security_Vulnerabilities_in_Hitachi_Content_Intelligence_(HCI)_v2.2.2 CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2022-3996, CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401
Unsecured_Apache_Stark_Standalone_Executes_User_Code CVE-2018-17190
Vulnerabilities in Certain Versions of Hitachi Device Manager, Hitachi Configuration Manager, and Hitachi Ops Center API Configuration Manager CVE-2022-28331, CVE-2021-25147
Certain mod_proxy Configurations on Versions of Apache HTTP Server Could Allow Unauthorized Access CVE-2023-25690
Netlogon RPC Elevation of Privilege Vulnerability CVE-2022-38023
Vulnerability in JsonWebToken CVE-2022-23529
MegaRAC BMC Vulnerabilities Affecting Compute Servers CVE-2022-40259, CVE-2022-40242, CVE-2022-2827
Vulnerabilities in Hitachi RAID Manager Storage Replication Adapter (SRA) CVE-2022-34882, CVE-2022-34883
OpenSSL 3.0.x Vulnerabilities: CVE-2022-3602 & CVE-2022-3786 CVE-2022-3602, CVE-2022-3786
"Text4Shell" - Remote Code Execution Vulnerability in Apache Commons Text Library CVE-2022-42889
HCP Multitenancy Vulnerability CVE-2021-28052
Vulnerability in OpenSSL: c_rehash Script Could Allow Command Injection CVE-2022-1292
Apache Kafka Security Vulnerabilities CVE-2022-23307, CVE-2022-23305, CVE-2022-23302, CVE-2019-17571, CVE-2020-9488
"Spring4Shell" - RCE Vulnerabilities in Spring Framework and Spring Cloud Function CVE-2022-22965, CVE-2022-22963, CVE-2022-22950
Denial of Service Vulnerability in Several Versions of OpenSSL CVE-2022-0778
Vulnerability in Versions of Samba Prior to 4.13.17 Could Allow a Remote Attacker to Execute Arbitrary Code CVE-2021-44142
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s "pkexec" CVE-2021-4034
Multiple Security Vulnerabilities in Apache Log4j Library CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-44832
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and Later Allows Information Disclosure CVE-2021-41573
 
HCP Anywhere Vulnerabilities in Versions Prior to v4.5 CVE-2017-15708, CVE-2019-0230, CVE-2019-10744, CVE-2019-10746, CVE-2019-19919, CVE-2019-20920, CVE-2020-17530
HCP Anywhere AngularJS Framework Vulnerabilities CVE-2019-10768, CVE-2020-7676
Windows Print Spooler Service Remote Code Execution Vulnerability CVE-2021-34527
Kaseya VSA Supply-Chain Ransomware Attack N/A
DNS Vulnerabilities Affect 4 TCP/IP Stacks ("NAME:WRECK") (Multiple CVEs)
Windows MSHTML Platform Remote Code Execution Vulnerability CVE-2021-33742
VMware vRealize Business for Cloud Remote Code Execution Vulnerability CVE-2021-21984
Hitachi Content Intelligence - Remote Code Execution Vulnerability in Certain Versions of Apache Solr CVE-2019-17558
Hitachi Vantara Content Products jQuery Vulnerabilities CVE-2020-11022, CVE-2020-11023
Hitachi Content Intelligence - Sensitive Information Disclosure in Logstash CVE-2018-3817, CVE-2019-7612
Multiple Vulnerabilities in OpenSSL CVE-2021-3449, CVE-2021-3450
Brocade SANnav DoS Vulnerability in Versions Prior to v2.1.0a CVE-2020-15379
Hitachi Vantara Software Products Multiple Java SE Vulnerabilities (2021 Mar 5) CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803
VMware vCenter Server Remote Code Execution Vulnerability in the vSphere Client CVE-2021-21972
Hitachi Vantara Ops Center Common Services Vulnerabilities (2021 Feb 24) CVE-2017-7525, CVE-2017-15095, CVE-2020-14389, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696, CVE-2020-35490, CVE-2020-35491
Hitachi Vantara Ops Center Analyzer Viewpoint Multiple Vulnerabilities (2021 Feb 24) CVE-2020-8908, CVE-2020-13956, CVE-2020-25649, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696
Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732
Libgcrypt 1.9.0 Cryptographic Library Heap-Based Buffer Overflow Vulnerability CVE-2021-3345
Linux 'Sudo' Command Bug May Allow Unauthorized Users to Gain Root Privileges CVE-2021-3156
Hitachi Vantara Ops Center Common Services Vulnerabilities (2020 Dec 16) CVE-2020-1714, CVE-2020-10693, CVE-2020-10740, CVE-2020-10758
OpenSSL NULL Pointer Dereferencing Vulnerability CVE-2020-1971
Forced OGNL Evaluation on Raw User Input Tag Attributes May Lead to Remote Code Execution CVE-2020-17530
Open Source TCP/IP Stacks Vulnerabilities ("AMNESIA:33") (Multiple CVE's)
OpenSSH Vulnerability Could Allow Memory Corruption and Local Code Execution CVE-2019-16905
Flaw in Samba Could Allow Unauthenticated Attacker to Escape the Shared Directory CVE-2019-10197
Remote Code Execution Vulnerability Exists in Windows TCP/IP Stack CVE-2020-16898
Microsoft Elevation of Privilege Vulnerability When Connecting to Domain Controller Using Netlogon Remote Protocol CVE-2020-1472
Elevation of Privilege Vulnerability With Services Group Policy CVE-2020-1333
Treck TCP/IP Library Vulnerabilities in NetApp Products Could Lead to Disclosure of Sensitive Information or Denial of Service (DoS) CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899
Potential XSS jQuery Vulnerability When Appending HTML Containing Option Elements CVE-2020-11023
Remote Code Execution (RCE) vulnerability in Windows DNS Server CVE-2020-1350
jQuery Before 3.4.0 Mishandles jQuery Function CVE-2019-11358
VMware ESXi, VMware Workstation, and VMware Fusion Contain a Denial-of-Service (DoS) Vulnerability CVE-2020-3958, CVE-2020-3959
VMware Directory Service Vulnerability Could Allow an Attacker with Network Access to Obtain Sensitive Information CVE-2020-3952
CGI Servlet in Certain Apache Tomcat Versions Vulnerable to Remote Code Execution CVE-2019-0232
SSI printenv Command in Certain Apache Tomcat Versions Vulnerable to XSS (Cross Site Scripting) CVE-2019-0221
A Remote Code Execution Vulnerability Exists in Microsoft Server Message Block 3.1.1 (SMBv3) Protocol CVE-2020-0796
Cisco Discovery Protocol implementation Vulnerability Could Allow Unauthenticated Attacker to Execute Arbitrary Code on an Affected Device CVE-2020-3119
A vulnerability in Hitachi Command Suite Products Could Allow Authenticated Remote Users to Expose Technical Information Through Error Messages CVE-2018-21032
Apache Tomcat AJP Connector Vulnerability CVE-2020-1938
March 2020 LDAP channel binding and LDAP signing requirement for Windows March 2020 LDAP channel binding and LDAP signing requirement for Windows
Sudo's Pwfeedback Option Can Be Used to Provide Visual Feedback When the User Is Inputting Their Password CVE-2019-18634
Vulnerabilities Related to Java Development Kit (JDK) Affecting Hitachi Command Suite (HCS) and Other Products CVE-2019-13117
Windows Remote Desktop Client Remote Code Execution Vulnerability CVE-2020-0609, CVE-2020-0610, CVE-2020-0611
A Spoofing Vulnerability Exists in the Way Windows CryptoAPI (Crypt32.Dll) Validates Elliptic Curve Cryptography (ECC) Certificates CVE-2020-0601
2nd Generation Intel (R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors May Allow a Privileged User Unauthorized Privileges CVE-2019-11137
2nd Generation Intel (R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors May Allow a Privileged User Unauthorized Privileges CVE-2019-11136, CVE-2019-11139, CVE-2019-11170, CVE-2019-11173, CVE-2019-11174, CVE-2019-11177, CVE-2019-11178, CVE-2019-11179, CVE-2019-11181
Hitachi Device Manager Contains Vulnerability that Incorrectly Discloses System Information CVE-2018-21026
Scripting Engine Memory Corruption Vulnerability in Internet Explorer CVE-2019-1429
Cross Site Scripting Vulnerability When Microsoft Dynamics 365 (On-premises) Does Not Properly Sanitize a Specially Crafted Web Request CVE-2019-1375
Vulnerability Could Result in Unauthorized Bypass of Certain Policy Blacklists By Invoking sudo With a Crafted User ID CVE-2019-14287
A Spoofing Vulnerability Exists When Microsoft Browsers Improperly Handle Browser Cookies, aka Microsoft Browser Spoofing Vulnerability CVE-2019-1357
Spoofing Vulnerability in Microsoft Browsers Does Not Properly Parse HTTP Content, aka Microsoft Browser Spoofing Vulnerability CVE-2019-0608
Remote Code Execution Vulnerability Exists When Internet Explorer Improperly Accesses Objects in Memory CVE-2019-1371
Combined CVE article CVE-2019-1169, CVE-2019-1162, CVE-2019-1177, CVE-2019-1178, CVE-2019-1183, CVE-2019-1187, CVE-2019-1228, CVE-2019-0716
Microsoft Windows GDI Vulnerability Could Allow an Attacker to Obtain Information to Further Compromise a User’s System CVE-2019-1143
A Memory Corruption Vulnerability in Internet Explorer’s Scripting Engine Could Result in Attacker Ability to Execute Arbitrary Code CVE-2019-1367
Microsoft Graphics Component Vulnerability Could Allow an Attacker to Obtain Information to Further Compromise the User’s System CVE-2019-1078
Vulnerability in the Microsoft XML Core Services MSMXL Parser Could Allow Attacker Remotely Control User's System CVE-2019-1057
Microsoft Windows Vulnerability Due to Improper Handling of Objects in Memory Could lead to Denial of Service (DoS) Attack CVE-2019-0716
A Remote Code Execution Vulnerability Exists in Remote Desktop Services (RDP) When an Unauthenticated Attacker Connects to the Target System CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226
Non-openbsd Platform Accept Extraneous Username Data Which Could Allow Local Users to Conduct Impersonation Attacks CVE-2015-6563
Certain Eclipse Jetty Versions Will Reveal the Configured Fully Qualified Directory Base Resource Location on the Output of the 404 Error CVE-2019-10247
png.c Function in libpng (Reference Library for PNG) Contains use-after-free Bug CVE-2019-7317
Vulnerability Allows Unauthenticated Attacker with Network Access to Compromise Java SE CVE-2019-2769, CVE-2019-2816, CVE-2019-2786, CVE-2019-2766, CVE-2019-2762, CVE-2019-2745
Supermicro BMC Flaw Exposes Servers to USB Attacks No CVE Assigned
RPC Code Generator in Samba 3.X Could Allow Remote Attackers to Execute Arbitrary Code via a Crafted RPC Call CVE-2012-1182
Flaw in Samba Daemon (smbd) Could Allow a Malicious Samba Client to Send Netlogon Packets Leading to Arbitrary Code Execution CVE-2015-0240
Netbios Name Services Daemon (nmbd) in Samba 4.X Before 4.21 and 4.1.X Before 4.1.11 Could Allow Remote Attackers to Execute Arbitrary Code CVE-2014-3560
Vulnerability in Samba 4.X Before 4.7.3 Could Allow Remote Attackers to Execute Arbitrary Code CVE-2017-14746
OpenSSH Vulnerability Could Allow Remote Servers to Obtain Sensitive Information from Process Memory CVE-2016-0777, CVE-2016-0078
IPMI 2.0 RAKP Password Hash Disclosure CVE-2013-4786
SNMP Agent Uses Default (Public) Community Name CVE-1999-0517
Weaknesses in the MD5 Algorithm Could Allow Attackers to Generate Cryptographic Tokens That Illegitimately Appear to Be Authentic CVE-2004-2761
Several TCP-Based Networking Vulnerabilities In FreeBSD and Linux Kernels Could Result In Remote DoS Attacks CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Vulnerabilities In HP-UX NTP Service Could Be Exploited Remotely to Allow a Denial of Service (DoS) Attack CVE-2016-9310
Oracle Weblogic Server Vulnerability Could Allow an Unauthenticated Attacker to Compromise Oracle Weblogic Server CVE-2019-2729
SSH Vulnerability Could Allow Remote Authenticated Users to Cause a Denial of Service via Crafted Glob Expressions CVE-2010-4478, CVE-2010-4755, CVE-2014-2532, CVE-2011-5000, CVE-2012-0814
Network Time Protocol Daemon (ntpd) monlist Command Enabled DoS (Amplification attack) CVE-2013-5211
Privilege Vulnerability Exists When the Windows Shell Fails to Validate Folder Shortcuts CVE-2019-1053
Adobe Flash Player Vulnerability 32.0.0.192 and Earlier Could Lead to Arbitrary Code Execution CVE-2019-7096, CVE-2019-7845, CVE-2019-7837, CVE-2019-7108, CVE-2019-7090
Linux Kernel Vulnerability Before 5.0.8 Related to the rds tcp kill sock in net/rds/tcp.c Function CVE-2019-11815
Intel Speculative Execution Vulnerabilities RIDL, Fallout, Zombieload CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091, CVE-2019-11135 
Microsoft Remote Desktop Services Vulnerability Could Allow Unauthorized Execution of Arbitrary Code on Target System CVE-2019-0708
Vulnerability in lighttpd Web Server Module Could Potentially Allow Access to Directories Above the Authorized Aliased Path CVE-2018-19052
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability CVE-2019-1804
Vulnerability in the Oracle Weblogic Server Allows Unauthenticated Attacker with Network Access via HTTP to Compromise Oracle Weblogic Server CVE-2019-2658
Windows Speculative Execution Vulnerability May Allow Unauthorized Disclosure of Information to an Attacker with Local User Access CVE-2018-3693
Vulnerability Allows Unauthenticated Attacker with Network Access to Compromise Java SE Embedded CVE-2019-2684, CVE-2019-2602
Vulnerability Allows Unauthenticated Attacker with Network Access to Compromise Java SE CVE-2019-2697, CVE-2019-2698, CVE-2019-2699
CGI Servlet in Certain Versions of Apache Tomcat Vulnerable to Remote Code Execution CVE-2019-0232
Apache HTTP Server Vulnerability Could Result Execution of Arbitrary Code With Unauthorized Elevated Privileges CVE-2019-0211
Linux Kernels With "Lazy FPU Restore" Flaw Vulnerable to FPU Targeted Cache Side-channel Attacks CVE-2018-3665
Linux Kernel Integer Overflow Flaw Can Be Used For Unauthorized Elevation of Privileges CVE-2018-14634
Spoiler - Intel Speculative Execution Vulnerability CVE Number Not Yet Assigned
Internet Explorer Scripting Engine Memory Corruption Vulnerability CVE-2018-8653
Incorrect Handling of Error Message in Kubernetes API Allowed Unauthorized Connection to Backend Servers CVE-2018-1002105
Flaws In Some Brands of Popular Solid-State Drives (SSDs) Could Allow Unauthorized Decryption of Data CVE Number Not Yet Assigned
Eclipse Jetty Cache Poisoning Vulnerability CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536 
Intel CPU PortSmash Side-Channel Vulnerability CVE-2018-5047
Vulnerability in dhcp6 Client Allows a Malicious dhcp6 Server to Overwrite Heap Memory CVE-2018-15688
Flaw in libssh Before 0.7.6 and 0.8.4. Could Allow Unauthorized Client to Create Channels CVE-2018-10933
Supermicro Motherboard Vulnerability Not yet assigned
Apache Struts Vulnerability Could Allow Remote Code Execution and Elevated Privileges on the Compromised Application CVE-2018-11776
OpenSSH Vulnerability Could Potentially Allow Brute Force Dictionary Attacks on User Passwords CVE-2018-15473
Bug in OpenSSL Could Result in Low Possibility of RSA or DSA Attack CVE-2017-3736, CVE-2017-3738
Python Vulnerability Related to Expressions Which Could Be Exploited to Cause a DoS (Denial of Service) Attack CVE-2018-1060, CVE-2018-1061
Foreshadow - Speculative Execution Microprocessor Vulnerability CVE-2018-3646, CVE-2018-3620, CVE-2018-3615
Java SE/Java Embedded Vulnerabilities Could Allow Unauthorized Creation, Deletion or Modification to Critical Data CVE-2018-2973, CVE-2018-2940, CVE-2018-2952
HCS Configuration Information of Server and Storage Systems Potentially Exposed Due to GUI Vulnerability CVE-2018-14735
Samba Memory Leak Flaw in SMB1 Protocol CVE-2017-12163
Vulnerability in the Nginx Range Filter Could Allow a Specially Crafted Request Potentially Resulting in Sensitive Information Leak CVE-2017-7529
Certain Versions of Pivotal Operations Manager Vulnerable Due to NGINX Vulnerabilities CVE-2018-11046
Java RMI Deserialization Vulnerability Could Allow Unauthenticated Attacker Access to Java SE, Java SE Embedded, JRockit CVE-2017-3241
Windows Vulnerability in 32k Component Could Lead to Unauthorized Elevation of Privileges CVE-2018-8210
Linux Kernel Flaw Related to POP SS and MOV SS Could Result in Vulnerability to DoS Attack CVE-2018-8897 and CVE-2018-1087
Vulnerability in Oracle Fusion Middleware Could Allow Unauthenticated Attacker Network Access to Oracle WebLogic Server CVE-2018-2628
Spring Data Commons Vulnerability Can Be Used to Remotely Exploit Spring Data REST HTTP Resources CVE-2018-1273
Remote Code Execution with spring-messaging CVE-2018-1270
Vulnerability in Previous Versions of FasterXML jackson-databind Could Allow Remote Code Execution CVE-2018-7489
Multiple Vulnerabilities in Oracle Java SE (Oracle Critical Patch Update Advisory - January 2018) (Multiple CVEs)
(ROBOT) - A Defect in RSA Encryption Could Allow an Attacker to Decrypt Encrypted Communications (Multiple CVEs)
A Vulnerability in Adobe Flash Player May Allow Arbitrary Code Execution CVE-2018-4878
Weak Encryption in Telerik.Web.UI CVE-2017-11317
Web Applications Using the Apache Struts REST Plugin May Allow Remote Code Execution CVE-2017-9805
Apache Struts 2.3.x May Allow Remote Code Execution CVE-2017-9791
Cross-Site Scripting Vulnerability in Older Versions of Hitachi Device Manager and Hitachi Replication Manager CVE-2017-9298
Open Redirect Vulnerability in Older Versions of Hitachi Device Manager CVE-2017-9297
Open Redirect Vulnerability in Older Versions of Hitachi Device Manager and Hitachi Tuning Manager CVE-2017-9296
XXE Vulnerability in Older Versions of Hitachi Device Manager and Hitachi Replication Manager CVE-2017-9295
RMI Vulnerability in Older Versions of Hitachi Device Manager CVE-2017-9294
Flaw in jackson-databind Could Allow Remote Code Execution Through Object Mapper CVE-2017-15095
Vulnerability in Samba Since Version 3.5.0 May Allow Remote Code Execution CVE-2017-7494
Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability CVE-2017-6639
Linux Kernel Flaw Could Allow an Unprivileged User to Escalate Their System Privileges CVE-2017-6074
(Meltdown) - Systems with Microprocessors Utilizing Speculative Execution and Indirect Branch Prediction May Allow Unauthorized Disclosure of Information to an Attacker CVE-2017-5754
(Spectre) - Systems with Microprocessors Utilizing Speculative Execution and Indirect Branch Prediction May Allow Unauthorized Disclosure of Information to an Attacker CVE-2017-5715 and CVE-2017-5753
Intel AMT/ME Privilege Escalation CVE-2017-5689
Jakarta Multipart Parser in Apache Struts May Allow Remote Code Execution CVE-2017-5638
The REST Plugin in Apache Struts 2.5 to 2.5.14 May Be Vulnerable to DoS Attacks CVE-2017-15707
Microsoft Windows SMB Remote Code Execution Vulnerabilities CVE-2017-0143, 0144, 1045, 0146, 0147
Earlier Versions of Apache Tomcat May Allow Remote Code Execution CVE-2016-8735
Birthday Attacks on 64-Bit Block Ciphers in OpenVPN CVE-2016-6329
Memory Leaks in Older Versions of OpenSSL May Enable DoS Attacks CVE-2016-6304
Older Versions of the Apache HTTP Server May Allow a Remote Attacker to Redirect HTTP Requests CVE-2016-5387
(Dirty CoW) - A Flaw in Older Versions of the Linux Kernel Could Allow Local Users to Gain Elevated Privileges CVE-2016-5195
A Flaw in Older Versions of the OpenSSH Server Could Allow an Authenticated Client with Restricted SSH Access to Bypass Intended Restrictions CVE-2016-3115
A Flaw in Older Versions of BIND Could Enable a DoS Attack CVE-2016-2776
Sweet32 CVE-2016-2183
Vulnerability in Oracle Java SE Could Allow Remote Code Execution CVE-2016-0636
A Flaw in Older Versions of the OpenSSH sshd Daemon Could Facilitate a Password Guessing Attack CVE-2015-5600
Older Versions of McAfee Agent May Facilitate Clickjacking Attacks CVE-2015-2053
Microsoft Schannel Remote Code Execution Vulnerability CVE-2014-6321
Weaknesses in the RC4 Algorithm Could Facilitate Plaintext-Recovery Attacks CVE-2013-2566

 

Employee Notes

Internal Notes

This section is only visible to employees. Content in the CVEs listed below has not been approved to share with customers.

Statement for Customers During Discovery Phase

Some security issues gain notoriety so quickly that a rapid response is warranted in order to ease customers' concerns. For these specific situations, Product Support Management (PSM) has issued a statement that GSC personnel can use as a guide in formulating an initial response:

"Today's digital world requires constant vigilance. As a valued Hitachi Vantara customer, we wish to keep you apprised of the very latest cybersecurity threats. We are aware of the recent <VULNERABILITY NAME>, and are currently assessing what impact, if any, it may pose to your Hitachi Vantara products or solutions. We will publish this information on the Security Advisories section of the Hitachi Vantara Support Portal as soon as it's available."

Solution Properties

Keywords
https://knowledge.hitachivantara.com/Security/CVE_Index_Page
Solution ID
241403050017684
Last Modified Date
09/16/2024 06:15:27 PM