ServerView Content Collector/ ServerView Update DVD Base: Unauthorized access from third parties. July 14th, 2020


Notes on using this web page

1. Description

A vulnerability has been identified that allows third parties to access and operate ServerView Content Collector and ServerView Update DVD Base from the Internet.

Fujitsu provides security patches shown in 3.
Please apply them as soon as possible.

2. Impact

Third parties may perform the following operations on the ServerView Content Collector and ServerView Update DVD Base:

  • Download unexpected files
  • Browse the directory structure of the products running environment
  • Stop running products

3. Affected systems and corresponding action

3-1.Affected systems

PRIMERGY, CELSIUS, PRIMEQUEST

3-2.Affected products and required patch
ProductsVersionTarget OSPackage namePatch ID
ServerView Content CollectorV3.00.03
V3.10.01
V3.20.02
Windows 8 (64-bit)/ 10 (64-bit)
Windows Server 2012 R2 (64-bit)/ 2016 (64-bit)/ 2019 (64-bit)
RHEL/ CentOS 6.7/ 6.9/ 7.3/ 7.4/ 7.5/ 7.6/ 7.7/ 7.8/ 8.0/ 8.1
SLES 11 SP4/ 12/ 12 SP3/ 12 SP4/ 12 SP5/ 15/ 15 SP1
-V3.30.01
ServerView Update DVD BaseV12.19.10.03
V12.20.01.01
V12.20.04.02
Windows 8 (64-bit)/ 10 (64-bit)
Windows Server 2012 R2 (64-bit)/ 2016 (64-bit)/ 2019 (64-bit)
RHEL/ CentOS 6.7/ 6.9/ 7.3/ 7.4/ 7.5/ 7.6/ 7.7/ 7.8/ 8.0/ 8.1
SLES 11 SP4/ 12/ 12 SP3/ 12 SP4/ 12 SP5/ 15/ 15 SP1
-V12.20.07.01

How to get the patches: Please download from "Product Support" site.

Note: Determining the affected product
ServerView Content Collector: Please refer to the "ThirdPartyLicenseReadme.txt" included with the product to determine the version.
ServerView Update DVD Base: Please refer to the "ReleaseNote.txt" included with the product to determine the version.

3-3. Workaround

None

4. Related information

None

5.Revision history

  • Jul. 14th, 2020: Initial release
Top of Page