ID
VAR-201203-0592
TITLE
Hitachi IT Operations Products Unspecified Cross Site Scripting Vulnerability
Trust: 0.3
DESCRIPTION
Multiple Hitachi IT Operations Products are prone to an unspecified cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
TITLE: Hitachi IT Operations Director Unspecified Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA48555
VERIFY ADVISORY: http://secunia.com/advisories/48555/
RELEASE DATE: 2012-03-26
DESCRIPTION: A vulnerability has been reported in Hitachi IT Operations Director, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in versions 02-50-01 through 02-50-07 and 03-00 through 03-00-06.
SOLUTION: Update or upgrade to version 03-00-07.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-010/index.html Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-010/index.html
SOLUTION: Filter malicious characters and character sequences using a proxy
Trust: 0.45
AFFECTED PRODUCTS
| vendor: | hitachi | model: | it operations director | scope: | eq | version: | 03-00-06 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations director | scope: | eq | version: | 03-00 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations director | scope: | eq | version: | 02-50-07 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations director | scope: | eq | version: | 02-50-06 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations director | scope: | eq | version: | 02-50-01 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations analyzer | scope: | eq | version: | 03-01 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations analyzer | scope: | eq | version: | 02-53-02 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations analyzer | scope: | eq | version: | 02-53 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations analyzer | scope: | eq | version: | 02-51-01 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations analyzer | scope: | eq | version: | 02-51 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations analyzer | scope: | eq | version: | 02-01 | Trust: 0.3 |
| vendor: | hitachi | model: | it operations director | scope: | ne | version: | 03-00-07 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | HITACHI | id: | HS12-010 | Trust: 0.5 |
| db: | BID | id: | 52705 | Trust: 0.3 |
| db: | SECUNIA | id: | 48555 | Trust: 0.2 |
| db: | SECUNIA | id: | 48556 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 111197 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 111188 | Trust: 0.1 |
REFERENCES
| url: | http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-010/index.html | Trust: 0.5 |
| url: | http://www.hitachi.com | Trust: 0.3 |
| url: | http://secunia.com/psi_30_beta_launch | Trust: 0.2 |
| url: | http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ | Trust: 0.2 |
| url: | http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-010/index.html | Trust: 0.2 |
| url: | http://secunia.com/vulnerability_intelligence/ | Trust: 0.2 |
| url: | http://secunia.com/advisories/secunia_security_advisories/ | Trust: 0.2 |
| url: | http://secunia.com/vulnerability_scanning/personal/ | Trust: 0.2 |
| url: | http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org | Trust: 0.2 |
| url: | http://secunia.com/advisories/about_secunia_advisories/ | Trust: 0.2 |
| url: | https://ca.secunia.com/?page=viewadvisory&vuln_id=48555 | Trust: 0.1 |
| url: | http://secunia.com/advisories/48555/#comments | Trust: 0.1 |
| url: | http://secunia.com/advisories/48555/ | Trust: 0.1 |
| url: | http://secunia.com/advisories/48556/ | Trust: 0.1 |
| url: | https://ca.secunia.com/?page=viewadvisory&vuln_id=48556 | Trust: 0.1 |
| url: | http://secunia.com/advisories/48556/#comments | Trust: 0.1 |
CREDITS
Reported by the vendor
Trust: 0.3
SOURCES
| db: | BID | id: | 52705 |
| db: | PACKETSTORM | id: | 111197 |
| db: | PACKETSTORM | id: | 111188 |
LAST UPDATE DATE
2022-05-17T22:39:29.752000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 52705 | date: | 2012-03-26T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 52705 | date: | 2012-03-26T00:00:00 |
| db: | PACKETSTORM | id: | 111197 | date: | 2012-03-26T04:03:47 |
| db: | PACKETSTORM | id: | 111188 | date: | 2012-03-26T01:43:26 |