Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.0465
Cross-site Scripting Vulnerability in uCosminexus Portal Framework,
Groupmax Collaboration, Hitachi Navigation Platform and
JP1/Navigation Platform
17 February 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: uCosminexus Portal Framework
Groupmax Collaboration
Hitachi Navigation Platform
JP1/Navigation Platform
Publisher: Hitachi
Operating System: Linux variants
Windows
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
Original Bulletin:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-104/index.html
- --------------------------BEGIN INCLUDED TEXT--------------------
Cross-site Scripting Vulnerability in uCosminexus Portal Framework, Groupmax
Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform
Update: February 17, 2017
A cross-site scripting vulnerability was found in uCosminexus Portal
Framework, Groupmax Collaboration, Hitachi Navigation Platform and
JP1/Navigation Platform.
Security Information ID
hitachi-sec-2017-104
Vulnerability description
A cross-site scripting vulnerability was found in uCosminexus Portal
Framework, Groupmax Collaboration, Hitachi Navigation Platform and
JP1/Navigation Platform.
Remote users can exploit this vulnerability to execute malicious scripts.
Affected products and versions are listed below. Please upgrade your version
to the appropriate version.
Affected products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the affected product.
Version:
Platform
Gives the affected version.
Product name: uCosminexus Portal Framework
Version(s):
Windows
09-00 to 09-03, 08-00 to 08-70-/F, 07-00 to 07-60-/I, 06-00 to 06-30-/D
Linux
09-00 to 09-03, 08-02 to 08-70-/F, 07-60 to 07-60-/I
Product name: uCosminexus Portal Framework - Light
Version(s):
Windows
08-00 to 08-70-/F, 07-00 to 07-60-/I, 06-00 to 06-30-/D
Product name: Groupmax Collaboration Portal
Version(s):
Windows
07-32 to 07-91-/D
Product name: uCosminexus Collaboration Portal
Version(s):
Windows
06-20 to 06-87-/C
Product name: Groupmax Collaboration Web Client - Forum/File Sharing
Version(s):
Windows
07-00 to 07-91-/B
Product name: uCosminexus Collaboration Portal - Forum/File Sharing
Version(s):
Windows
06-20 to 06-87-/C
Product name: Groupmax Collaboration Web Client - Mail/Schedule
Version(s):
Windows
07-20 to 07-91-/D
Product name: Hitachi Navigation Platform
Version(s):
Windows
10-10 to 10-10-01, 10-00 to 10-00-01
Product name: Hitachi Navigation Platform for Developers
Version(s):
Windows
10-10 to 10-10-01, 10-00 to 10-00-01
Product name: JP1/Navigation Platform
Version(s):
Windows
11-00 to 11-00-01
Product name: JP1/Navigation Platform for Developers
Version(s):
Windows
11-00 to 11-00-01
Product name: JP1/Integrated Management - Navigation Platform
Version(s):
Windows
10-00 to 10-50-01, 09-50
Product name: uCosminexus Navigation Platform
Version(s):
Windows
09-00 to 09-60-/A, 08-00 to 08-70-/C
Product name: uCosminexus Navigation Developer
Version(s):
Windows
09-00 to 09-60-/A, 08-00 to 08-70-/C
Product name: uCosminexus Navigation Platform - User License
Version(s):
Windows
09-00 to 09-60-/A, 08-00 to 08-70-/C
Product name: uCosminexus Navigation Platform - Authoring License
Version(s):
Windows
09-00 to 09-60-/A, 08-00 to 08-70-/C
Fixed products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the fixed product.
Version:
Platform
Gives the fixed version, and release date.
Scheduled version:
Platform
Gives the fixed version scheduled to be released.
Product name: uCosminexus Portal Framework
Version(s):
Windows
09-03-/A January 27, 2017
09-00-/C January 27, 2017
08-70-/G January 27, 2017
Linux
09-03-/A January 27, 2017
08-70-/G January 27, 2017
Product name: uCosminexus Portal Framework - Light
Version(s):
Windows
08-70-/G January 27, 2017
Product name: Groupmax Collaboration Portal
Version(s):
Windows
07-91-/E January 30, 2017
07-87-/H January 30, 2017
Product name: Groupmax Collaboration Web Client - Forum/File Sharing
Version(s):
Windows
07-91-/C January 30, 2017
07-87-/G January 30, 2017
Product name: Groupmax Collaboration Web Client - Mail/Schedule
Version(s):
Windows
07-91-/E January 30, 2017
07-87-/H January 30, 2017
Product name: Hitachi Navigation Platform
Version(s):
Windows
10-11 October 31, 2016
Product name: Hitachi Navigation Platform for Developers
Version(s):
Windows
10-11 October 31, 2016
Product name: JP1/Navigation Platform
Version(s):
Windows
11-01 October 31, 2016
Product name: JP1/Navigation Platform for Developers
Version(s):
Windows
11-01 October 31, 2016
For details on the fixed products, contact your Hitachi support service
representative.
Revision history
February 17, 2017
This page is released.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWKZxLox+lLeg9Ub1AQi3GBAAnJKfej280fxZ3nsXSqib7/KEtiUAV2yc
+hqXRTXETYBKcTWVNoWV5WEWmJ887uQ7rZdyJCx2T9RDEOmhMpjSV4iYDYYOHb+L
Ec0jPtyDw6hqU3/gicAO7lRdu1is36agTvOTaLJsq5iE3fVewBUxOIMeyR4sVrHy
27agMOkD6zpPpQURl8r/6p3G9HTP/euzFG0YJpGHKX9eoY7aqtnW5Qn+bqlJRdJd
t8TKYTcYDk3HriCKeTd3p7BMLrPOb2JAOQqLP8ao636Hg+ER0/1KRAiAmH6uN3X2
B7EcHG5uKyR0aLuajcgyQ9oJwcQlXVzkTIiDCqqWnwV/9eREMk54nmAw/QxgPxQO
XSnstF7LKQ8geiEJKfZ7kzn0yCjwTJ5tPLIDPDQIzQYGs+PhnQZvzpqaP8gf+Lgb
PDrE7HpKS2SinqAeVDwHtORlG82mEDXOHbFBL8GMCQAlYVuuWbBlkClloBWeR1r3
IAzqn14A7AJYi+5PvzZwrVOQTrLqtru/gmbFEMhe8Ahx+HNRdS3MrlaUhkXFO6rR
A+ajMd9w3rkzQMrfHO7Z68krgZYPc4PbU0deRHs9B1xsZFjG52iLQCQnXhV56M2y
co/DyqjqO1NMV0pnllDhjmm//SU96PQ31oZ7FhLAZoRX2ZW1YOf1uOCnguBbHs9k
xF3ZdYuL+cs=
=zxiI
-----END PGP SIGNATURE-----