Hitachi IT Operations Director Cross-Site Scripting and Denial of Service Vulnerabilities

Bugtraq ID:	53504
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 14 2012 12:00AM
Updated:	May 14 2012 12:00AM
Credit:	The vendor reported these issues.
Vulnerable:	Hitachi IT Operations Director 03-00-07 Hitachi IT Operations Director 03-00-06 Hitachi IT Operations Director 03-00-04 Hitachi IT Operations Director 03-00 Hitachi IT Operations Director 02-50-07 Hitachi IT Operations Director 02-50-06 Hitachi IT Operations Director 02-50-01
Not Vulnerable:	Hitachi IT Operations Director 03-00-08

Hitachi IT Operations Director Cross-Site Scripting and Denial of Service Vulnerabilities

Hitachi IT Operations Director is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability because it fails to properly handle user-supplied input.

An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Hitachi IT Operations Director Cross-Site Scripting and Denial of Service Vulnerabilities

To exploit the cross-site scripting issues, an attacker must entice an unsuspecting user to follow a malicious URI.

Hitachi IT Operations Director Cross-Site Scripting and Denial of Service Vulnerabilities

Solution:
Updates are available. Please see the reference for more details.

Hitachi IT Operations Director Cross-Site Scripting and Denial of Service Vulnerabilities

References:

• Hitachi Homepage (Hitachi)
  
• Hitachi IT Operations Productpage (Hitachi)
  
• Multiple vulnerabilities in Hitachi IT Operations Director (Hitachi)