Sign-up

ID

VAR-201212-0377


TITLE

Hitachi Collaboration Product Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-9342

DESCRIPTION

Hitachi Collaboration is a collaboration solution. Hitachi Collaboration has a cross-site scripting vulnerability. Because part of the input passed to the application lacks filtering before being returned to the user, allowing an attacker to use the vulnerability to inject arbitrary HTML and script code to obtain sensitive information or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following Hitachi Collaboration products are vulnerable: Groupmax Collaboration Portal uCosminexus Collaboration Portal Groupmax Collaboration Web Client - Forum / File Sharing uCosminexus Collaboration Portal - Forum / File Sharing Groupmax Collaboration Web Client - Mail / Schedule. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Hitachi Collaboration Products Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA51630 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51630/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51630 RELEASE DATE: 2012-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/51630/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51630/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51630 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in some Hitachi Collaboration products, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. Please see the vendor's advisory for a list of affected products. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (HS12-029): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-029/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: CNVD: CNVD-2012-9342 // BID: 57052 // PACKETSTORM: 119094

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-9342

AFFECTED PRODUCTS

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:7.x

Trust: 0.6

vendor:hitachimodel:groupmax collaboration web client forum/file sharingscope:eqversion:-7.x

Trust: 0.6

vendor:hitachimodel:groupmax collaboration web client mail/schedulescope:eqversion:-7.x

Trust: 0.6

vendor:hitachimodel:groupmax collaboration web clientscope:eqversion:7.x

Trust: 0.6

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:6.x

Trust: 0.6

vendor:hitachimodel:ucosminexus collaboration portal forum/file sharescope:eqversion:06-84

Trust: 0.3

vendor:hitachimodel:ucosminexus collaboration portalscope:eqversion:06-84

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client mail/schedulescope:eqversion:-07-84

Trust: 0.3

vendor:hitachimodel:groupmax collaboration web client forum/file sharescope:eqversion:-07-84

Trust: 0.3

vendor:hitachimodel:groupmax collaboration portalscope:eqversion:07-84

Trust: 0.3

sources: CNVD: CNVD-2012-9342 // BID: 57052

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-375

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 119094 // CNNVD: CNNVD-201212-375

PATCH

title:Patch for Hitachi Collaboration Product Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/27016

Trust: 0.6

sources: CNVD: CNVD-2012-9342

EXTERNAL IDS

db:BIDid:57052

Trust: 0.9

db:SECUNIAid:51630

Trust: 0.8

db:CNVDid:CNVD-2012-9342

Trust: 0.6

db:CNNVDid:CNNVD-201212-375

Trust: 0.6

db:HITACHIid:HS12-029

Trust: 0.4

db:PACKETSTORMid:119094

Trust: 0.1

sources: CNVD: CNVD-2012-9342 // BID: 57052 // PACKETSTORM: 119094 // CNNVD: CNNVD-201212-375

REFERENCES

url:http://secunia.com/advisories/51630/

Trust: 0.7

url:http://www.securityfocus.com/bid/57052

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-029/index.html

Trust: 0.4

url:http://www.hitachi.co.jp/prod/comp/soft1/groupmax/product/suiteindex.html#coll

Trust: 0.3

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51630

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/51630/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-9342 // BID: 57052 // PACKETSTORM: 119094 // CNNVD: CNNVD-201212-375

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 57052

SOURCES

db:CNVDid:CNVD-2012-9342
db:BIDid:57052
db:PACKETSTORMid:119094
db:CNNVDid:CNNVD-201212-375

LAST UPDATE DATE

2022-05-17T22:51:28.311000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-9342date:2012-12-28T00:00:00
db:BIDid:57052date:2012-12-26T00:00:00
db:CNNVDid:CNNVD-201212-375date:2012-12-31T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2012-9342date:2012-12-28T00:00:00
db:BIDid:57052date:2012-12-26T00:00:00
db:PACKETSTORMid:119094date:2012-12-27T07:16:56
db:CNNVDid:CNNVD-201212-375date:2012-12-31T00:00:00