Lucene search

[email protected]CVE-2007-4124

HistoryAug 01, 2007 - 4:17 p.m.

CVE-2007-4124

2007-08-0116:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4124

cosminexus

session failover

remote authenticated users

sensitive information

session data

gain privileges

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.9%

JSON

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user’s session data, and possibly gain privileges.

Affected configurations

NVD

Node

hitachicosminexus_application_serverMatch6enterprise

hitachicosminexus_application_serverMatch6standard

hitachicosminexus_collaboration_portal

hitachicosminexus_developerMatch6light

hitachicosminexus_developerMatch6professional

hitachicosminexus_developerMatch6standard

hitachicosminexus_erp_integrator

hitachicosminexus_opentp1_web_front-end_set

hitachielectronic_form_workflowdeveloper_client_set

hitachielectronic_form_workflowprofessional_library_set

hitachielectronic_form_workflowstandard_set

hitachigroupmax_collaboration_portalserver

hitachiucosminexus_application_serverenterprise

hitachiucosminexus_application_serverstandard

hitachiucosminexus_collaboration_portalserver

hitachiucosminexus_developerlight

hitachiucosminexus_developerprofessional

hitachiucosminexus_developerstandard

hitachiucosminexus_erp_integrator

hitachiucosminexus_opentp1_web_front-end_set

hitachiucosminexus_service_architect

hitachiucosminexus_service_platform

CPENameOperatorVersion
hitachi:cosminexus_application_serverhitachi cosminexus application servereq6
hitachi:cosminexus_collaboration_portalhitachi cosminexus collaboration portaleq*
hitachi:cosminexus_developerhitachi cosminexus developereq6
hitachi:cosminexus_erp_integratorhitachi cosminexus erp integratoreq*
hitachi:cosminexus_opentp1_web_front-end_sethitachi cosminexus opentp1 web front-end seteq*
hitachi:electronic_form_workflowhitachi electronic form workfloweq*
hitachi:groupmax_collaboration_portalhitachi groupmax collaboration portaleq*
hitachi:ucosminexus_application_serverhitachi ucosminexus application servereq*
hitachi:ucosminexus_collaboration_portalhitachi ucosminexus collaboration portaleq*
hitachi:ucosminexus_developerhitachi ucosminexus developereq*

CPE	Name	Operator	Version
hitachi:cosminexus_application_server	hitachi cosminexus application server	eq	6
hitachi:cosminexus_collaboration_portal	hitachi cosminexus collaboration portal	eq	*
hitachi:cosminexus_developer	hitachi cosminexus developer	eq	6
hitachi:cosminexus_erp_integrator	hitachi cosminexus erp integrator	eq	*
hitachi:cosminexus_opentp1_web_front-end_set	hitachi cosminexus opentp1 web front-end set	eq	*
hitachi:electronic_form_workflow	hitachi electronic form workflow	eq	*
hitachi:groupmax_collaboration_portal	hitachi groupmax collaboration portal	eq	*
hitachi:ucosminexus_application_server	hitachi ucosminexus application server	eq	*
hitachi:ucosminexus_collaboration_portal	hitachi ucosminexus collaboration portal	eq	*
hitachi:ucosminexus_developer	hitachi ucosminexus developer	eq	*

Rows per page:

1-10 of 141

References

osvdb.org/37852

secunia.com/advisories/26250

www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html

www.securityfocus.com/bid/25145

www.vupen.com/english/advisories/2007/2725

exchange.xforce.ibmcloud.com/vulnerabilities/35706

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.9%

JSON

Related for CVE-2007-4124

cvelist1 nvd1 prion1