Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2012.0094 Multiple Vulnerabilities in Hitachi Command Suite Products 25 June 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Hitachi Device Manager Software Hitachi Tiered Manager Software Hitachi Replication Manager Software Operating System: Windows Solaris Linux variants Impact/Access: Cross-site Scripting -- Remote with User Interaction Denial of Service -- Unknown/Unspecified Resolution: Patch/Upgrade Member content until: Wednesday, July 25 2012 OVERVIEW Multiple vulnerabilities have been fixed in Hitachi Device Manager Software and Tiered Storage Manager Software, and a denial of service vulnerability has been fixed in Replication Manager Software 7.3.0-00. IMPACT Hitachi has the following information on their website: "A cross-site scripting vulnerability was found in Hitachi Command Suite Products. Remote users can exploit this vulnerability to execute malicious scripts." [1] The affected products are Hitachi Device Manager Software and Tiered Storage Manager Software 7.0.0-00 as well as Hitachi Replication Manager Software 6.2.0-00. [1] "A vulnerability to denial-of-service attacks was found in some Hitachi Command Suite products." [2] The affected products are Hitachi Device Manager Software 7.0.0-00 and Tiered Storage Manager Software 7.1.1-00. [2] MITIGATION The vulnerabilities are fixed in version 7.3.0-00 of the affected products. REFERENCES [1] Cross-site Scripting Vulnerability in Hitachi Command Suite Products http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-017/index.html [2] DoS Vulnerability in Hitachi Command Suite Products http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-018/index.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBT+fAie4yVqjM2NGpAQJc7BAAsoOGGyc49PLeVlwX/2R6hkip+eC3rZN1 TBwhvAUg/sR1meiIMTO3Ow9zoUprPLxGO7P10ySduCjtI9qOgTDVJrPaoM8bG8sV Nt1CNtNLMjWJnYvUj1YSPOopNub1QIh8IHl8MGcLphZ+Or9+mkgElLm/hWlE85FA EDuQJ9zLthTfM3gQoPsYwaEEHGrxcz3S5DlznSB5vWLdE90/8CDYWU2imYXh9B44 7fYObmKhT/30s84m8/i7UWOEnk3P+6nRaX+FRYrlZMwqI7EEDJVDAasSYRfIo/cs GSQ+ioataSclsZIn30FzqlZx+T80vWwXwq1v0Pfhb15OEa0b1L+oFhuWxMeS3nNu qj1GOqH/hFS628sWWYaD7yf/Obaa0I+HQe0Ej203E6xL1W4hlaSbTwXIOdvCPnAk AWeO2EWUtxlNk+BXI1GFiGbgJta/Jy8zSK9di7a+R+fPm28UX16O2ztRMDYFvZUf 7H1wHs7uetmaaTn8nI53MxAlOSFbPGNBAFQhh6C6r0Owd0sFOHrfHaFmTRZQEn7A +xzeai4SOWnBmLd2fRaM1IfD6/BtvLJnlTcNStGx8gb0M9cswORrrhMFjgoHvaQw b8JFli4FDL8oWux6JiAOYmA+OVjhrJDde8YCu9QC1M2poezsh/vgBuPbnSN+p+zu QlA7wzGswQg= =vRgv -----END PGP SIGNATURE-----