ETERNUS Management Pack for VMware vRealize Operations VULNERABILITY

December 21, 2022
Fujitsu Limited

1. Summary

The support log of ETERNUS Management Pack for VMware vRealize Operations (hereinafter referred to as "this software") includes the password which was used when registering the adapter instance for this software with VMware vRealize Operations

If all of the following conditions are met, your system may be affected by the vulnerability:

  • Register the adapter instance of this software with VMware vRealize Operations.
  • There are multiple user accounts with access privileges to the support logs or the support log is exported to an accessible location for a third party.

[Possible Impact of this vulnerability]
The password may be exposed.

[Examples of attacks the system may be subject to]
When a malicious user logs in to the VMware vRealize Operations with the leaked password, the user can steal the system information, halt the system and so on if the user account has its privilege.

[Handling of maintenance data in Fujitsu]
Fujitsu will use maintenance data provided by customers only for the purpose of providing services.
Maintenance data will not be disclosed or provided to anyone other than the engineers involved in fixing problems and providing support.
Fujitsu manages and handles personal information appropriately based on our personal information protection policy.

2. Affected product

[Affected software]
ETERNUS Management Pack for VMware vRealize Operations

[Affected version]
V1.0.0 - V1.2.2

3. Solution

- Please update this software to V1.2.3 or later. V1.2.3 is available from the download page of this software.
- If the support logs have been exported to a management terminal, please delete them.
- If the password may have been exposed, please change the password. Note that re-registration of the adapter instance is required after changing the password.

[Notice when the update of this software is not applicable]

  • Fujitsu may request the support logs for the investigation of a trouble. In this case, please delete the logs in your management terminal immediately after providing the logs.
  • Please review the user accounts of VMware vRealize Operations not to expose the password from the support logs.

[Notice when applying V1.2.3 or later]

  • The update does not require a system reboot.
  • Please update the PAK file of this software. For details, please refer to the user’s guide and the release notes.

For support of this software, please contact to technical support for ETERNUS SF Storage Cruiser.

Top of Page