Details of VAR-200712-0490

ID

VAR-200712-0490

TITLE

Hitachi JP1/Cm2/Network Node Manager Unspecified Cross-Site Scripting Vulnerability

Trust: 0.3

sources: BID: 26667

DESCRIPTION

Hitachi JP1/Cm2/Network Node Manager are prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Certain unspecified input is not properly sanitised before being returned to the user. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: The vendor credits Nobuhiro Tsuji of NTT Data Security Corporation. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-040_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.36

sources: BID: 26667 // PACKETSTORM: 61399

AFFECTED PRODUCTS

vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-04	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-12	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-18	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-14	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-65	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise	scope:	eq	version:	08-00-02	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-32	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager 05-20-/a	scope:	eq	version:	250	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-47	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-45	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-10-05	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-06	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager starter edition	scope:	eq	version:	25008-00-02	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-25	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-60	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-56	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-44	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-58	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 06-71-/a	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 06-50-/a	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-28	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-66	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 05-20-/d	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-31	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 06-71-/c	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-01	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-51	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-30	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-03	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-16	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-05	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-00	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-10-01	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-55	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-38	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-37	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-39	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-19	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-27	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-10-02	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-20	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-07	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-02	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-08	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-01	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-33	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-70	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-54	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise	scope:	eq	version:	08-00-01	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed	scope:	eq	version:	25008-00-01	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-46	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 05-20-/c	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-35	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-62	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-02	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-10	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-09	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-40	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-15	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-06	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 05-20-/a	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-17	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager 05-20-/c	scope:	eq	version:	250	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager 05-20-/b	scope:	eq	version:	250	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager 05-20-/e	scope:	eq	version:	250	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-42	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-49	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-00	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-69	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 05-20-/e	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-10-04	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-52	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-03	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-67	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-61	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 06-71-/b	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-68	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-07	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-24	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-04	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-13	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-08	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-26	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-43	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-05	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-10-03	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-34	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-64	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 05-20-/b	scope:	-	version:	-	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-41	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager 05-20-/d	scope:	eq	version:	250	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-11	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-09	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-48	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-23	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-53	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-22	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-21	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-29	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-59	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-63	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager	scope:	eq	version:	07-10	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-36	Trust: 0.9
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	06-57	Trust: 0.6
vendor:	hitachi	model:	cm2/network node manager enterprise	scope:	eq	version:	05-00	Trust: 0.6
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed	scope:	eq	version:	25008-00	Trust: 0.6
vendor:	hitachi	model:	cm2/network node manager	scope:	eq	version:	25005-00	Trust: 0.6
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise	scope:	eq	version:	08-00	Trust: 0.6
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 06-71-/d	scope:	-	version:	-	Trust: 0.6
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise solaris	scope:	ne	version:	08-00-03	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager 05-20-/f	scope:	eq	version:	250	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r	scope:	eq	version:	08-00-02	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager hp-ux	scope:	ne	version:	07-10-06	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager windows	scope:	ne	version:	07-10-06	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter edition windows	scope:	ne	version:	25008-00-03	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 06-57	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	cm2/network node manager enterprise 05-00-/b	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter edition pa-risc	scope:	ne	version:	25008-00-03	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed (hp-ux(pa-r	scope:	eq	version:	25008-00-01	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed 08-00 )	scope:	eq	version:	250	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed )	scope:	eq	version:	25008-00	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r	scope:	eq	version:	08-00-01	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise )	scope:	eq	version:	08-00	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter edition (hp-ux(pa-r	scope:	eq	version:	25008-00-02	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise 05-20-/f	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	cm2/network node manager	scope:	eq	version:	2500	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter edition hp-ux	scope:	ne	version:	25008-00-03	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter edition solaris	scope:	ne	version:	25008-00-03	Trust: 0.3
vendor:	hitachi	model:	cm2/network node manager enterprise 05-00-/c	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager enterprise	scope:	eq	version:	0	Trust: 0.3
vendor:	hitachi	model:	cm2/network node manager enterprise 05-00-/a	scope:	-	version:	-	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc	scope:	eq	version:	08-00	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise hp-ux	scope:	ne	version:	08-00-03	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed (hp-ux(pa-risc	scope:	eq	version:	25008-00	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager starter ed enterprise pa-risc	scope:	ne	version:	08-00-03	Trust: 0.3
vendor:	hitachi	model:	cm2/network node manager 05-00-/a	scope:	eq	version:	250	Trust: 0.3
vendor:	hitachi	model:	jp1/cm2/network node manager solaris	scope:	ne	version:	07-10-06	Trust: 0.3

sources: BID: 26667

THREAT TYPE

network

Trust: 0.3

sources: BID: 26667

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 26667

EXTERNAL IDS

db:	HITACHI	id:	HS07-040	Trust: 0.4
db:	BID	id:	26667	Trust: 0.3
db:	SECUNIA	id:	27883	Trust: 0.2
db:	PACKETSTORM	id:	61399	Trust: 0.1

sources: BID: 26667 // PACKETSTORM: 61399

REFERENCES

url:	http://www.hitachi-support.com/security_e/vuls_e/hs07-040_e/index-e.html	Trust: 0.4
url:	http://www.hds.com/products/storage-software/hitachi-device-manager.html	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/9570/	Trust: 0.1
url:	http://secunia.com/advisories/27883/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 26667 // PACKETSTORM: 61399

CREDITS

The vendor disclosed this issue.

Trust: 0.3

sources: BID: 26667

SOURCES

db:	BID	id:	26667
db:	PACKETSTORM	id:	61399

LAST UPDATE DATE

2022-05-17T02:09:22.651000+00:00

SOURCES UPDATE DATE

db:

BID

id:

26667

date:

2007-12-03T17:43:00

SOURCES RELEASE DATE

db:	BID	id:	26667	date:	2007-12-01T00:00:00
db:	PACKETSTORM	id:	61399	date:	2007-12-02T20:29:26