[Important Notification]
Storage Management Software ETERNUS SF VULNERABILITY
October 20, 2025
Fsas Technologies Inc.
A vulnerability has been newly detected in ETERNUS SF products.
Take the following actions accordingly.
1. Affected product and version
As of October 20, 2025, the products and versions affected by this vulnerability are as follows:
| Platform | Product Name and Version | |
|---|---|---|
| 1 | Oracle Solaris 11
Oracle Solaris 10 | ETERNUS SF AdvancedCopy Manager Standard Edition, V15.0/ V15.1/ V15.2/ V15.3/ V16.0/ V16.1/ V16.2/ V16.3/ V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 |
| ETERNUS SF Storage Cruiser, V15.0/ V15.1/ V15.2/ V15.3/ V16.0/ V16.1/ V16.2/ V16.3/ V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 | ||
| 2 | Red Hat(R) Enterprise Linux(R) 9
Red Hat(R) Enterprise Linux(R) 8 Red Hat(R) Enterprise Linux(R) 7 | ETERNUS SF AdvancedCopy Manager Standard Edition, V16.2/ V16.3/ V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 |
| ETERNUS SF Express, V16.2/ V16.3/ V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 | ||
| ETERNUS SF Storage Cruiser, V16.2/ V16.3/ V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 | ||
| 3 | Microsoft(R) Windows Server(R) 2022
Microsoft(R) Windows Server(R) 2019 Microsoft(R) Windows Server(R) 2016 | ETERNUS SF AdvancedCopy Manager Standard Edition, V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 |
| ETERNUS SF Express, V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 | ||
| ETERNUS SF Storage Cruiser, V16.4/ V16.5/ V16.6/ V16.7/ V16.8/ V16.9/ V16.9.1 |
2. Summary
A vulnerability related to improper file access permissions exists in the manager program (ETERNUS SF Manager program) of the affected products and versions listed above.
This vulnerability could allow a general user who is able to access the Management Server (*1) where the manager program is running to execute OS commands with administrator privileges.
- *1This vulnerability exists in the manager program. Therefore, when ETERNUS SF AdvancedCopy Manager is used by installing the manager program and utilizing only the included AdvancedCopy Manager CCM functionality in the manager program, this vulnerability is present.
3. Solution and timeline
Fsas Technologies has distributed a patch for the manager program (ETERNUS SF Manager program) of the affected products and versions.
The patch application requirement is as follows.
| Product name | Program provided by the product | Patch application | Remarks |
|---|---|---|---|
| ETERNUS SF Express | Manager program | Required | - |
| ETERNUS SF Storage Cruiser | Manager program | Required | - |
| Agent program | Not required | - | |
| ETERNUS SF AdvancedCopy Manager Standard Edition | Manager program | Required | The patch must be applied even if you are only using the included AdvancedCopy Manager CCM functionality in this program. |
| Agent program | Not required | - | |
| AdvancedCopy Manager CCM program | Not required | - |
[Solution]
The method for obtaining and applying the patch is as follows:
Please download and apply the patch available from the Products Support site.
https://support.ts.fujitsu.com/IndexDownload.asp
[Timeline]
From October 20, 2025
