Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-4124

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

Published

2007-08-01T16:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachi	cosminexus_application_server	6	Yes
Application	hitachi	cosminexus_application_server	6	Yes
Application	hitachi	cosminexus_collaboration_portal	*	Yes
Application	hitachi	cosminexus_developer	6	Yes
Application	hitachi	cosminexus_developer	6	Yes
Application	hitachi	cosminexus_developer	6	Yes
Application	hitachi	cosminexus_erp_integrator	*	Yes
Application	hitachi	cosminexus_opentp1_web_front-end_set	*	Yes
Application	hitachi	electronic_form_workflow	*	Yes
Application	hitachi	electronic_form_workflow	*	Yes
Application	hitachi	electronic_form_workflow	*	Yes
Application	hitachi	groupmax_collaboration_portal	*	Yes
Application	hitachi	ucosminexus_application_server	*	Yes
Application	hitachi	ucosminexus_application_server	*	Yes
Application	hitachi	ucosminexus_collaboration_portal	*	Yes
Application	hitachi	ucosminexus_developer	*	Yes
Application	hitachi	ucosminexus_developer	*	Yes
Application	hitachi	ucosminexus_developer	*	Yes
Application	hitachi	ucosminexus_erp_integrator	*	Yes
Application	hitachi	ucosminexus_opentp1_web_front-end_set	*	Yes
Application	hitachi	ucosminexus_service_architect	*	Yes
Application	hitachi	ucosminexus_service_platform	*	Yes

References

http://osvdb.org/37852 ([email protected])
http://secunia.com/advisories/26250 Vendor Advisory ([email protected])
http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/25145 ([email protected])
http://www.vupen.com/english/advisories/2007/2725 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/35706 ([email protected])
http://osvdb.org/37852 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26250 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25145 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2725 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35706 (af854a3a-2127-422b-91ae-364da2661108)