Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.0465 Cross-site Scripting Vulnerability in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform 17 February 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: uCosminexus Portal Framework Groupmax Collaboration Hitachi Navigation Platform JP1/Navigation Platform Publisher: Hitachi Operating System: Linux variants Windows Impact/Access: Cross-site Scripting -- Remote with User Interaction Resolution: Patch/Upgrade Original Bulletin: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-104/index.html - --------------------------BEGIN INCLUDED TEXT-------------------- Cross-site Scripting Vulnerability in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform Update: February 17, 2017 A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Security Information ID hitachi-sec-2017-104 Vulnerability description A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Remote users can exploit this vulnerability to execute malicious scripts. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Affected products The information is organized under the following headings: (Example) Product name: Gives the name of the affected product. Version: Platform Gives the affected version. Product name: uCosminexus Portal Framework Version(s): Windows 09-00 to 09-03, 08-00 to 08-70-/F, 07-00 to 07-60-/I, 06-00 to 06-30-/D Linux 09-00 to 09-03, 08-02 to 08-70-/F, 07-60 to 07-60-/I Product name: uCosminexus Portal Framework - Light Version(s): Windows 08-00 to 08-70-/F, 07-00 to 07-60-/I, 06-00 to 06-30-/D Product name: Groupmax Collaboration Portal Version(s): Windows 07-32 to 07-91-/D Product name: uCosminexus Collaboration Portal Version(s): Windows 06-20 to 06-87-/C Product name: Groupmax Collaboration Web Client - Forum/File Sharing Version(s): Windows 07-00 to 07-91-/B Product name: uCosminexus Collaboration Portal - Forum/File Sharing Version(s): Windows 06-20 to 06-87-/C Product name: Groupmax Collaboration Web Client - Mail/Schedule Version(s): Windows 07-20 to 07-91-/D Product name: Hitachi Navigation Platform Version(s): Windows 10-10 to 10-10-01, 10-00 to 10-00-01 Product name: Hitachi Navigation Platform for Developers Version(s): Windows 10-10 to 10-10-01, 10-00 to 10-00-01 Product name: JP1/Navigation Platform Version(s): Windows 11-00 to 11-00-01 Product name: JP1/Navigation Platform for Developers Version(s): Windows 11-00 to 11-00-01 Product name: JP1/Integrated Management - Navigation Platform Version(s): Windows 10-00 to 10-50-01, 09-50 Product name: uCosminexus Navigation Platform Version(s): Windows 09-00 to 09-60-/A, 08-00 to 08-70-/C Product name: uCosminexus Navigation Developer Version(s): Windows 09-00 to 09-60-/A, 08-00 to 08-70-/C Product name: uCosminexus Navigation Platform - User License Version(s): Windows 09-00 to 09-60-/A, 08-00 to 08-70-/C Product name: uCosminexus Navigation Platform - Authoring License Version(s): Windows 09-00 to 09-60-/A, 08-00 to 08-70-/C Fixed products The information is organized under the following headings: (Example) Product name: Gives the name of the fixed product. Version: Platform Gives the fixed version, and release date. Scheduled version: Platform Gives the fixed version scheduled to be released. Product name: uCosminexus Portal Framework Version(s): Windows 09-03-/A January 27, 2017 09-00-/C January 27, 2017 08-70-/G January 27, 2017 Linux 09-03-/A January 27, 2017 08-70-/G January 27, 2017 Product name: uCosminexus Portal Framework - Light Version(s): Windows 08-70-/G January 27, 2017 Product name: Groupmax Collaboration Portal Version(s): Windows 07-91-/E January 30, 2017 07-87-/H January 30, 2017 Product name: Groupmax Collaboration Web Client - Forum/File Sharing Version(s): Windows 07-91-/C January 30, 2017 07-87-/G January 30, 2017 Product name: Groupmax Collaboration Web Client - Mail/Schedule Version(s): Windows 07-91-/E January 30, 2017 07-87-/H January 30, 2017 Product name: Hitachi Navigation Platform Version(s): Windows 10-11 October 31, 2016 Product name: Hitachi Navigation Platform for Developers Version(s): Windows 10-11 October 31, 2016 Product name: JP1/Navigation Platform Version(s): Windows 11-01 October 31, 2016 Product name: JP1/Navigation Platform for Developers Version(s): Windows 11-01 October 31, 2016 For details on the fixed products, contact your Hitachi support service representative. Revision history February 17, 2017 This page is released. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWKZxLox+lLeg9Ub1AQi3GBAAnJKfej280fxZ3nsXSqib7/KEtiUAV2yc +hqXRTXETYBKcTWVNoWV5WEWmJ887uQ7rZdyJCx2T9RDEOmhMpjSV4iYDYYOHb+L Ec0jPtyDw6hqU3/gicAO7lRdu1is36agTvOTaLJsq5iE3fVewBUxOIMeyR4sVrHy 27agMOkD6zpPpQURl8r/6p3G9HTP/euzFG0YJpGHKX9eoY7aqtnW5Qn+bqlJRdJd t8TKYTcYDk3HriCKeTd3p7BMLrPOb2JAOQqLP8ao636Hg+ER0/1KRAiAmH6uN3X2 B7EcHG5uKyR0aLuajcgyQ9oJwcQlXVzkTIiDCqqWnwV/9eREMk54nmAw/QxgPxQO XSnstF7LKQ8geiEJKfZ7kzn0yCjwTJ5tPLIDPDQIzQYGs+PhnQZvzpqaP8gf+Lgb PDrE7HpKS2SinqAeVDwHtORlG82mEDXOHbFBL8GMCQAlYVuuWbBlkClloBWeR1r3 IAzqn14A7AJYi+5PvzZwrVOQTrLqtru/gmbFEMhe8Ahx+HNRdS3MrlaUhkXFO6rR A+ajMd9w3rkzQMrfHO7Z68krgZYPc4PbU0deRHs9B1xsZFjG52iLQCQnXhV56M2y co/DyqjqO1NMV0pnllDhjmm//SU96PQ31oZ7FhLAZoRX2ZW1YOf1uOCnguBbHs9k xF3ZdYuL+cs= =zxiI -----END PGP SIGNATURE-----