-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2012.0072
        Multiple vulnerabilities have been identified in Hitachi IT
                            Operations Director
                                15 May 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Hitachi IT Operations Director
Operating System:     Windows
Impact/Access:        Cross-site Scripting -- Remote with User Interaction
                      Denial of Service    -- Unknown/Unspecified         
Resolution:           Patch/Upgrade
Member content until: Thursday, June 14 2012

OVERVIEW

        Multiple vulnerabilities have been identified in Hitachi IT Operations 
        Director for Windows versions 02-50-01 through to 02-50-07 and 03-00 
        through to 03-00-07.


IMPACT

        The vendor has provided the following details regarding these 
        vulnerabilities which have been assigned Vulnerability ID HS12-014:
        
        "Multiple vulnerabilities were found in Hitachi IT Operations Director. 
        
        * A cross-site scripting vulnerability
        
        * A vulnerability to denial-of-service attacks" [1]


MITIGATION

        The vendor recommends upgrading to the latest versions of these 
        products to correct this issue. [1]


REFERENCES

        [1] Multiple vulnerabilities in Hitachi IT Operations Director
            http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBT7Gveu4yVqjM2NGpAQJiZhAAmswn6OjJlRNOhrKCTTzJQNPm2n0NKKm7
03pQddCTAfCurHXFFiDUh1/95vd6BWPK6tDKiMOHZrdzu7Po/oELKE9PtuWsOGz/
Q28/sL5tkUQC2poDiyaKP/PPleF84JvHzOV/uPNx37rGwZiqokDpm5fkCzVEcfJP
j5X1+MBEgwaG17oRYXwitBIF/c0d6tDqEqKipxUS8drvQsh4+FAfB7KU6UiAXF30
lFBdnhvxYKmDc1wnIooSfwsoVYSJS5L5M39J7P8B+E8VWbW9AuhbIN8tvFjonICK
SdSsyyx0L/GGwr7SJrcUxsJ3OF9PS022iLlMm7eXu1RIcq2MuvkzNWEW1sjO65Rp
eEkATrkHBdjPfE6m+XGidiBnoZlUlP5SVaMvHpm35MwbF+qz/Wg0eJvSfILQstPF
q3NyFB6T7PprZtTlkx7CpmrNkcrKOE1vVs0ktfYn8triWuorAnKqkNaxuXK14zv3
kJN0yyL4UPwlDLOJ05/718Qv910ATzwdmqgQ7LKQoQm4g0LzQvFoZE1oEwnmRZWZ
EcDh41hlG6d5oAgcMxwOO/xKqKMg+P9e1yAKwVd6VsFdLXuU/vqnv+JClBAjRHcL
ohSMjnOeSmwiYLAAj+3jgljPtnyW4Plj71JGQGddsr+zMUy1WFy4Tl9KbX3ldUZw
XZTkuYHdioY=
=+hFz
-----END PGP SIGNATURE-----