Hitachi Security Advisories

In this web site, HIRT publishes integrated security advisories related to information systems of Hitachi group in order positively to comply with "Information Security Early Warning Partnership Guideline".

Vulnerabiliy handling related to information systems

Advisories for vulnerabilities related to Hitachi products and solutions to solve and avoid problems caused by vulnerabilities. Please refer to HIRT-PUB10008: Hitachi Vulnerabirity Disclosure Process which describes detailed process of vulnerability information disclosure for product development related to information system.

Incident handling related to information systems

Advisories for avoidance of attacks occurring actually and for solutions of security problems.

Hitachi group intends to mitigate damages caused by vulnerabilities and/or malwares through appropriate disclosure policy, and to fix the damages once an incident occurs.

Security Advisories with the Use of JVNRSS

JVNRSS is an XML format for outline description of vulnerability intelligence which is adopted by JVN (JapanVulnerabirity Notes) which IPA (Information-technology Promotion Agency, Japan) and JPCERT/CC jointly operate.

HIRT dispatches security intelligence based on JVNRSS 2.0 format in order to actively comply with "Trial of automated collection of vulnerability intelligence dispatched by product developer" which has been tested by IPA.

• Hitachi Security Information
  https://www.hitachi.com/hirt/security/
• IT Platform R&D Management Division Security Vulnerability Information
  https://www.hitachi.com/products/it/software/security/info/

Vulnerability Report to JVN (Japan Vulnerability Notes)

HIRT is positively promoting activities to comply with JVN (JapanVulnerabirity Notes ) co-operated by IPA (Information-technology Promotion Agency, Japan) and JPCERT/CC.
Also, HIRT reports to JVN on vulnerability reporting framework. , which may affect other companies' products, based on Information Security Early Warning Partnership Guideline.

February 10, 2014

• JVN#14876762 Apache Commons FileUpload vulnerable to denial-of-service (DoS)

August 19, 2011

• JVN#06924191 Microsoft Windows XP vulnerable to denial-of-service (DoS)

October 12, 2010

• JVN#82752978 Lhaplus may insecurely load dynamic libraries

December 13, 2007

• JVN#80057925 Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

September 30, 2005

• JVN#79314822 Tomcat vulnerable in request processing

March 14, 2005

• JVN#DD18AD07 Apache Tomcat denial of service vulnerability

January 11, 2005

• JVN#1BF8D7AA LDAP server update function vulnerable to buffer overflow

December 15, 2004

• JVN#904429FE Namazu cross-site scripting vulnerability

Hitachi Group Links

• Hitachi Industrial Equipment Systems (Japanese)
• Hitachi Solutions (Japanese)
• Hitachi Systems (Japanese)
• SecureBrain
• Hitachi Vantara
• Hitachi Energy
• Hitachi Systems Security