EF & E-Series, SANtricity, and Related Plug-ins

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

EF & E-Series, SANtricity, and Related Plug-ins

Ask a Question

Looking for old log4j santricity doc

DouglasNelson
‎2024-09-27 11:21 AM
1,697 Views

Hi,

   We decommissioned an old e5660 and at the time we recall that we were told that we had to also delete the supporting version of santricity due to the log4j issue and the fact that NetApp would not be patching the old EOS version of Santricity that supported the EOS e5660.

   We are now (much later) being challenged to provide doc showing that the software supporting the E5660 had the log4j bug and was not going to be patched due to being EOS. Of course being EOS and decommed, the serial # is useless for opening a ticket. 🙂

   Any docs backing us up would be greatly appreciated. Thanks

0 Kudos
View By:
Tags (1)
1 ACCEPTED SOLUTION
DouglasNelson has accepted the solution

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
‎2024-09-29 08:53 PM
1,615 Views

Hi there,

 

I don't see Santricity listed under any of the CVEs related to log4j on security.netapp.com - however there is a security vulnerability in Santricity 8.40 with regards to TCP sequence prediction - https://security.netapp.com/advisory/ntap-20190802-0001/

View solution in original post

6 REPLIES 6
DouglasNelson has accepted the solution

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
‎2024-09-29 08:53 PM
1,616 Views

Hi there,

 

I don't see Santricity listed under any of the CVEs related to log4j on security.netapp.com - however there is a security vulnerability in Santricity 8.40 with regards to TCP sequence prediction - https://security.netapp.com/advisory/ntap-20190802-0001/

kryan
NetApp
‎2024-09-30 07:52 AM
1,597 Views

I agree with Alex - there is no evidence that SANtricity 8.x or 11.x shipped log4j.

 

Perhaps it was the VxWorks issue that led to the decommissioning.

0 Kudos

ahmadm
NetApp
‎2024-09-30 01:35 PM
1,578 Views

SANtricity Storage Manager was not affected by Log4j issue.

0 Kudos

elementx
NetApp
‎2024-09-30 08:47 PM
1,552 Views

> Any docs backing us up would be greatly appreciated.

 

E-Series and SANtricity were affected. See in Affected Products tab.

https://security.netapp.com/advisory/ntap-20211210-0007/

 

> the fact that NetApp would not be patching the old EOS version of Santricity that supported the EOS e5660.

 

Unless you find a post-CVE-dated update for both affected components that support E5600 in Downloads, then there's been no updates i.e. the fixes never made it in.

0 Kudos

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
‎2024-10-01 01:09 AM
In response to elementx
1,522 Views

My reading of that advisory is different to yours. Can I ask you to check again?

0 Kudos

elementx
NetApp
‎2024-10-01 03:03 AM
In response to AlexDawson
1,505 Views

Yep, not affected. CTRL+F got me, didn't see that "Not affected" header.

0 Kudos
Announcements
All Community Forums
Public