SSL Security Vulnerabilities in Hitachi Content Intelligence (HCI) v2.2.2

Content

Priority: ● High

Status: Monitoring

First Published: 25 September, 2023

Advisory Version: 1.0

References: CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2022-3996, CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401

Summary

Hitachi Content Intelligence v2.2.2 has been assessed for SSL vulnerabilities indicated by the CVE identifiers in the table below.

Affected Products

Vulnerable Products

The following matrix lists Hitachi Vantara products and solutions which have been confirmed to be affected by these vulnerabilities.

Product

Fixed Release Version

Content Products

Hitachi Content Intelligence v2.2.2

· CVE-2022-4304: Affected ¹
· CVE-2023-0215: Affected ¹
· CVE-2023-0286: Affected ¹
· CVE-2023-0464: Affected ¹
· CVE-2023-0465: Affected ¹
· CVE-2023-0466: Affected ¹
· CVE-2022-4450: Affected ¹
· CVE-2023-0215: Affected ¹
· CVE-2023-0286: Affected ¹
· CVE-2022-3996: Not affected ²
· CVE-2022-4203: Not affected ²
· CVE-2023-0216: Not affected ²
· CVE-2023-0217: Not affected ²
· CVE-2023-0401: Not affected ²

1 An affected version of SSL (v1.1.1o) is used.
2 An affected version of SSL is not used.

Products Confirmed Not Vulnerable

At the time of this advisory's publication, only products listed in the Vulnerable Products section above are confirmed to be affected by this vulnerability.

Recommended Actions

The SSL vulnerabilities affecting Hitachi Content Intelligence, as indicated by a status of "Affected" in the table above, are mitigated by adhering to best practices while configuring HCI. These include:

1) Setting up HCI systems to use both an internal (private) and external network
2) Configuring a firewall to block all ports coming into or out of an HCI cluster, with the exception of ports 8000, 8080, and 6162

3) Please reference the following Hitachi Vantara Documentation for additional guidance

See “Installing Hitachi Content Intelligence, Chapter 2: System Requirements and Sizing - Ports”
See “Installing Hitachi Content Intelligence, Appendix F: Example HCI Firewall Setup”

Performed in combination, these steps are sufficient to eliminate exposure.

Please continue to check this Security Advisory, as new information will be added to it as it becomes available.

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.

CXone Metadata

CVE; SSL

Keywords: https://knowledge.hitachivantara.com/Security/SSL_Security_Vulnerabilities_in_Hitachi_Content_Intelligence_(HCI)_v2.2.2