[Japanese]

JVNDB-2009-002345

StartTLS not enabled in Hitachi Storage Command Suite products

Overview

When a Hitachi Storage Command Suite product uses an LDAP directory server as the server to be used for external authentication, StartTLS won't be enabled even if it is specified as the connection protocol.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


Hitachi, Ltd
  • Hitachi Device Manager Software
  • Hitachi Global Link Manager
  • Hitachi Replication Manager Software
  • Hitachi Tiered Storage Manager Software
  • Hitachi Tuning Manager

Impact

StartTLS won't be enabled even if it is specified as the connection protocol.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS09-018
CWE (What is CWE?)

  1. Configuration(CWE-16) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2009/12/24]
    Web page published