Headline
CVE-2021-42370: Storage Monitoring EMC² IBM Hitachi HPE NetApp Lenovo
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
Announcements
7.30****Support for new storage systems
- Dell EMC² PowerStore
- IBM Spectrum Scale (GPFS)
- Infinidat InfiniGuard
- Microsoft Storage Spaces Direct
Further enhancements
- HPE Primera, 3PAR: reimplemented using REST API instead of 3PAR CLI
- HPE Primera, 3PAR: added detailed capacity for Tier, Pool, Volume and Disk
- Hitachi VSP G/E/F HUS-VM: support for Hitachi Configuration Manager as a replacement for the Hitachi CCI and storage REST API
- DataCore Server Group: automatic switch to active server in case of failure
- SAN switch: added PCS error metric
- Dell EMC Isilon: quota monitoring GUI ➡ STORAGE ➡ <storage alias> ➡ Configuration ➡ (tab Quota)
- Security fixes
- CVE-2021-42372: Input field SNMP community string in “UI ➡ Alerting ➡ Options HW event” was not properly handled what could lead to remote command injection
- CVE-2021-42371: Docker does not contain hardcoded password for lpar2rrd user
- CVE-2021-42370: The UI does not contain plain password in HTML “password” input fields in the device properties
Announcement list
Use this form to sign up for new STOR2RRD announcements, upgrade and service emails.