Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	51340
Class:	Input Validation Error
CVE:	CVE-2012-0917 CVE-2012-0919
Remote:	Yes
Local:	No
Published:	Jan 10 2012 12:00AM
Updated:	Mar 19 2015 07:34AM
Credit:	The vendor reported this issue
Vulnerable:	Hitachi IT Operations Director 03-00-04 Hitachi IT Operations Director 03-00 Hitachi IT Operations Director 02-50-07 Hitachi IT Operations Director 02-50-06 Hitachi IT Operations Director 02-50-01 Hitachi IT Operations Analyzer 02-53-02 Hitachi IT Operations Analyzer 02-53-01 Hitachi IT Operations Analyzer 02-53 Hitachi IT Operations Analyzer 02-51-01 Hitachi IT Operations Analyzer 02-51 Hitachi IT Operations Analyzer 02-01
Not Vulnerable:	Hitachi IT Operations Director 03-00-06

Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting Vulnerability

Multiple Hitachi IT Operations Products are prone to an unspecified cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting Vulnerability

References:

• Cross-site Scripting Vulnerability in Hitachi IT Operations Products (Hitachi)
  
• Hitachi Homepage (Hitachi)
  
• Hitachi IT Operations Productpage (Hitachi)