Hitachi JP1/IT Desktop Management - Manager Multiple Vulnerabilities

Bugtraq ID:	53175
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2012 12:00AM
Updated:	Apr 20 2012 12:00AM
Credit:	Hitachi
Vulnerable:	Hitachi JP1/IT Desktop Management - Manager 09-50-01 (Windows) Hitachi JP1/IT Desktop Management - Manager 09-50 (Windows)
Not Vulnerable:	Hitachi JP1/IT Desktop Management - Manager 09-50-02 (Windows)

Hitachi JP1/IT Desktop Management - Manager Multiple Vulnerabilities

JP1/IT Desktop Management - Manager is prone to a denial-of-service vulnerability and a cross-site scripting vulnerability.

An attacker can exploit these issues to cause denial-of-service conditions or to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site and steal cookie-based authentication credentials.

JP1/IT Desktop Management - Manager versions 09-50 and 09-50-01 are affected.

Hitachi JP1/IT Desktop Management - Manager Multiple Vulnerabilities

An attacker can exploit the denial-of-service issue with a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.

Hitachi JP1/IT Desktop Management - Manager Multiple Vulnerabilities

Solution:
The vendor has released an update. Please see the references for details.

Hitachi JP1/IT Desktop Management - Manager Multiple Vulnerabilities

References:

• Hitachi Homepage (Hitachi)
  
• Multiple vulnerabilities in Manager - JP1/IT Desktop Management (Hitachi)