J-Security Center

Title: JP1/HiCommand Series Products OpenSSL Insecure Protocol Negotiation Weakness

Severity: MODERATE

Description:

JP1/HiCommand is a series of software products used to monitor and manage data-storage infrastructures.

JP1/HiCommand Series Products is prone to a remote protocol-negotiation weakness due to a design error.

Few technical details are currently available. We will update this BID as more information emerges.

Successful exploits may allow an attacker connecting to the affected server to replace the SSL 3 or TLS 1 protocol with the SSL 2 protocol. This may allow the attacker to exploit insecurities in SSL version 2 to gain access to or tamper with the clear-text communications between the targeted client and server.

NOTE: This issue may be related to BID 15071 (OpenSSL Insecure Protocol Negotiation Weakness).

Affected Products:

  • Hitachi JP1/Hi Command Device Manager 02.30
  • Hitachi JP1/Hi Command Device Manager 05.50
  • Hitachi JP1/Hi Command Tiered Storage Manager (Solaris) 4.3.0
  • Hitachi JP1/HiCommand Device Manager (Linux) 05.10
  • Hitachi JP1/HiCommand GlobalLink Availability Manager 05-00
  • Hitachi JP1/HiCommand Replication Monitor 04-00
  • Hitachi JP1/HiCommand Tiered Storage Manager 04-00
  • Hitachi JP1/HiCommand Tiered Storage Manager 05-30
  • Hitachi JP1/HiCommand Tiered Storage Manager 05-50
  • RedHat Red Hat Network Satellite (for RHEL 4) 5.1
  • RedHat Red Hat Network Satellite Server 4.2

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.