September 6, 2022
Hitachi, Ltd. IT Platform Products Management Division
Hitachi Disk Array Systems have the following vulnerability.
Storage Replication Adapter for Hitachi disk array systems (Hitachi RAID Manager SRA (RMSRA)) has the following vulnerabilities: i) exposure of authentication information and ii) arbitrary command execution.
i) CVE-2022-34882: Exposure of authentication information
ii) CVE-2022-34883: Arbitrary command execution
The following table shows the affected products.
|Product Name||Hitachi RAID Manager SRA|
* Product end of support.
** Both SRA for Docker and Windows are affected.
Workaround for vulnerability i):
- Do not use characters other than the usable characters described below for the following information registered in the "Add Array Manager" window of SRM.
✔ IP address or host name of the RAID Manager server
✔ Username for connecting to the RAID Manager server using SSH
✔ Password for connecting to the RAID Manager server using SSH
Usable characters: one-byte alphanumeric characters and the following symbols:
Hyphen (-), comma (,), period (.), colon (:), at mark (@), underscore (_), slash (/)
- The password might be already recorded in the SRM log files. Delete the log files by using the following procedure.
<Procedure for deleting log files (for Docker RMSRA)>
<Procedure for deleting log files (for Windows RMSRA)>
<Procedure for deleting log (for both Docker/Windows RMSRA)>
If log transfer or a similar setting is configured on the SRM server, run the same check on the transferred logs and delete them as necessary.
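The usable-character restriction in workaround i) can be checked before values are entered in the "Add Array Manager" window. The following is an added example, not Hitachi's code; the field names `host`, `username` and `password` and all sample values are assumptions made for illustration. It enforces a strict one-byte allowlist (a generic "is alphanumeric" test would also accept full-width letters) and never echoes password characters in its findings.

```python
import string

# Allowlist from the advisory: one-byte (ASCII) alphanumerics plus - , . : @ _ /
ALLOWED = frozenset(string.ascii_letters + string.digits + "-,.:@_/")

# Hypothetical labels for the three "Add Array Manager" values.
FIELDS = ("host", "username", "password")
SECRET_FIELDS = {"password"}


def check_field(name, value):
    """Return a list of problems for one field; an empty list means it is usable."""
    problems = []
    if not value:
        problems.append(f"{name}: value is empty")
    for pos, ch in enumerate(value):
        if ch in ALLOWED:
            continue
        if name in SECRET_FIELDS:
            # Never echo password characters; report the position only.
            problems.append(f"{name}: disallowed character at position {pos}")
        else:
            problems.append(
                f"{name}: disallowed character {ch!r} (U+{ord(ch):04X}) at position {pos}"
            )
    return problems


def check_entry(entry):
    """Check host, username and password of one array manager entry."""
    problems = []
    for name in FIELDS:
        problems.extend(check_field(name, entry.get(name, "")))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    samples = [
        {"host": "rm-server01.example.com", "username": "svc_sra", "password": "Ab12:cd/34@ef"},
        {"host": "192.0.2.10", "username": "admin user", "password": "p$ss;w0rd"},
        # Full-width "rm": str.isalnum() accepts these, the one-byte allowlist does not.
        {"host": "\uff52\uff4d-server", "username": "root", "password": "abc123"},
    ]
    for entry in samples:
        result = check_entry(entry)
        print(entry["host"].encode("ascii", "replace").decode(), "->", result or "OK")
```
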
Workaround for vulnerability ii):
Closely manage access rights to SRM.