===========================================================================
AUSCERT Security Bulletin

ASB-2013.0023
Multiple Vulnerabilities in Hitachi Tuning Manager and
JP1/Performance Management
20 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Hitachi Tuning Manager
                      JP1/Performance Management
Operating System:     Windows
                      Solaris
                      Linux variants
                      HP-UX
                      AIX
Impact/Access:        Cross-site Scripting       -- Existing Account
                      Cross-site Request Forgery -- Existing Account
Resolution:           Patch/Upgrade
Member content until: Thursday, March 21 2013

OVERVIEW

        Multiple vulnerabilities have been identified in Hitachi Tuning
        Manager, JP1/Performance Management - Web Console, and
        JP1/Performance Management - Manager Web Option. [1]

IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "Cross-site scripting and cross-site request forgery vulnerabilities
        were found in Hitachi Tuning Manager, JP1/Performance Management -
        Web Console, and JP1/Performance Management - Manager Web Option.
        These vulnerabilities allow users to add malicious scripts to web
        pages of these products. These vulnerabilities can not be exploited,
        unless logging in these products." [1]

MITIGATION

        The vendor recommends upgrading to the latest appropriate version to
        correct this issue. [1]

REFERENCES

        [1] Multiple Vulnerabilities in Hitachi Tuning Manager,
            JP1/Performance Management - Web Console, and
            JP1/Performance Management - Manager Web Option
            http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-003/index.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation.

The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================