Hitachi

August 2, 2019
Hitachi, Ltd. IT Platform Products Management Division

Hitachi Disk Array Systems have the following vulnerability.

Security Information ID

hitachi-sec-2019-306

Vulnerability description

ADV190015 | June 2019 Adobe Flash Security Update
CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability
CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability
CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability
CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability
CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability
CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability
CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability
CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability
CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability
CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability
CVE-2019-1005 | Scripting Engine Memory Corruption Vulnerability
CVE-2019-1009 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1010 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1011 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1012 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1013 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1014 | Win32k Elevation of Privilege Vulnerability
CVE-2019-1015 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1016 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1017 | Win32k Elevation of Privilege Vulnerability
CVE-2019-1018 | DirectX Elevation of Privilege Vulnerability
CVE-2019-1025 | Windows Denial of Service Vulnerability
CVE-2019-1038 | Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1039 | Windows Kernel Information Disclosure Vulnerability
CVE-2019-1043 | Comctl32 Remote Code Execution Vulnerability
CVE-2019-1045 | Windows Network File System Elevation of Privilege Vulnerability
CVE-2019-1046 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1047 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1048 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1049 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1050 | Windows GDI Information Disclosure Vulnerability
CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability
CVE-2019-1055 | Scripting Engine Memory Corruption Vulnerability
CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability
CVE-2019-1080 | Scripting Engine Memory Corruption Vulnerability
CVE-2019-1081 | Microsoft Browser Information Disclosure Vulnerability

Affected products

The following table shows the affected products.

Product Name Affected versions Vulnerability ID Remark
Hitachi Virtual Storage Platform
G130,G150,G350,G370,G700,G900
Hitachi Virtual Storage Platform
F350,F370,F700,F900
N/A - -
Hitachi Virtual Storage Platform G100,G200,G400,G600,G800
Hitachi Virtual Storage Platform
F400,F600,F800
N/A - -
Hitachi Unified Storage VM All ADV190015
CVE-2019-0888
CVE-2019-0920
CVE-2019-0943
CVE-2019-0948
CVE-2019-0972
CVE-2019-0973
CVE-2019-0984
CVE-2019-0986
CVE-2019-0988
CVE-2019-1005
CVE-2019-1010
CVE-2019-1012
CVE-2019-1014
CVE-2019-1017
CVE-2019-1018
CVE-2019-1025
CVE-2019-1038
CVE-2019-1039
CVE-2019-1043
CVE-2019-1045
CVE-2019-1046
CVE-2019-1050
CVE-2019-1053
CVE-2019-1055
CVE-2019-1069
CVE-2019-1080
CVE-2019-1081
-
Hitachi Virtual Storage Platform G1000,G1500
Hitachi Virtual Storage Platform F1500
Hitachi Virtual Storage Platform VX7
All ADV190015
CVE-2019-0888
CVE-2019-0920
CVE-2019-0943
CVE-2019-0948
CVE-2019-0960
CVE-2019-0968
CVE-2019-0972
CVE-2019-0973
CVE-2019-0977
CVE-2019-0984
CVE-2019-0986
CVE-2019-0988
CVE-2019-1005
CVE-2019-1009
CVE-2019-1010
CVE-2019-1011
CVE-2019-1012
CVE-2019-1013
CVE-2019-1014
CVE-2019-1015
CVE-2019-1016
CVE-2019-1017
CVE-2019-1018
CVE-2019-1025
CVE-2019-1038
CVE-2019-1039
CVE-2019-1043
CVE-2019-1045
CVE-2019-1046
CVE-2019-1047
CVE-2019-1048
CVE-2019-1049
CVE-2019-1050
CVE-2019-1053
CVE-2019-1055
CVE-2019-1069
CVE-2019-1080
CVE-2019-1081
-
Hitachi Virtual Storage Platform
Hitachi Virtual Storage Platform VP9500
All CVE-2019-0888
CVE-2019-0943
CVE-2019-0948
CVE-2019-0960
CVE-2019-0968
CVE-2019-0972
CVE-2019-0973
CVE-2019-0977
CVE-2019-0984
CVE-2019-1011
CVE-2019-0986
CVE-2019-1009
CVE-2019-1010
CVE-2019-1012
CVE-2019-1013
CVE-2019-1014
CVE-2019-1015
CVE-2019-1016
CVE-2019-1017
CVE-2019-1025
CVE-2019-1039
CVE-2019-1043
CVE-2019-1045
CVE-2019-1046
CVE-2019-1047
CVE-2019-1048
CVE-2019-1049
CVE-2019-1053
-
Hitachi Universal Storage Platform V
Hitachi Universal Storage Platform VM
N/A - -
Hitachi Unified Storage 100
Hitachi Adaptable Modular Storage
Hitachi Workgroup Modular Storage
Hitachi Simple Modular Storage
N/A - -

Action to be taken

Software update.
Please contact your authorized service representative for details on any corrective actions such as software updates and the schedule for their release.

References

Please refer to the following information about the vulnerability.

Revision history

  • August 2, 2019: This security information page is published.
  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.