Vulnerabilities in Hitachi RAID Manager Storage Replication Adapter (SRA)

Summary

Two vulnerabilities in certain versions of Hitachi RAID Manager Storage Replication Adapter (SRA) were recently announced. The first of these, CVE-2022-34882, could allow unintended exposure of authentication information. The second, CVE-2022-34883, could allow arbitrary command execution.

The specific, affected versions are:

• Hitachi RAID Manager SRA: 02.01.04 *
• Hitachi RAID Manager SRA: 02.02.00 *
• Hitachi RAID Manager SRA: 02.03.01
• Hitachi RAID Manager SRA: 02.05.00 **

* This version had already reached end-of-support.
** Both Docker and Windows versions are affected.

Recommended Actions

These vulnerabilities have since been mitigated in Hitachi RAID Manager SRA v02.03.02 and v02.05.01. If you are running an affected version of RAID Manager SRA, as indicated in the "Summary" section above, please follow the procedure described here (beginning with section "Permanent action") before upgrading to one of these fixed versions.

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.