Vulnerability CVE-2007-4124


Published: 2007-08-01   Modified: 2012-02-12

Description:
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score: 4.9/10
Impact Subscore: 4.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software:
Hitachi -> Cosminexus application server 
Hitachi -> Cosminexus collaboration portal 
Hitachi -> Cosminexus developer 
Hitachi -> Cosminexus erp integrator 
Hitachi -> Cosminexus opentp1 web front-end set 
Hitachi -> Electronic form workflow 
Hitachi -> Groupmax collaboration portal 
Hitachi -> Ucosminexus application server 
Hitachi -> Ucosminexus collaboration portal 
Hitachi -> Ucosminexus developer 
Hitachi -> Ucosminexus erp integrator 
Hitachi -> Ucosminexus opentp1 web front-end set 
Hitachi -> Ucosminexus service architect 
Hitachi -> Ucosminexus service platform 

References:
http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html
http://www.vupen.com/english/advisories/2007/2725
http://secunia.com/advisories/26250
http://osvdb.org/37852
http://xforce.iss.net/xforce/xfdb/35706
http://www.securityfocus.com/bid/25145

Copyright 2024, cxsecurity.com
