Lucene search

[email protected]CVE-2007-4564

HistoryAug 28, 2007 - 1:17 a.m.

CVE-2007-4564

2007-08-2801:17:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-4564

cosminexus manager

application server

user group permissions

local privilege escalation

security vulnerability

7.3 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user’s group permissions to logical user server processes, which allows local users to gain privileges.

CPENameOperatorVersion
hitachi:ucosminexus_application_server_standardhitachi ucosminexus application server standardeq06_70_b
hitachi:ucosminexus_application_server_standardhitachi ucosminexus application server standardeq06_70_d
hitachi:ucosminexus_service_platformhitachi ucosminexus service platformeq07_00
hitachi:cosminexus_application_server_enterprisehitachi cosminexus application server enterpriseeq06_50
hitachi:ucosminexus_application_server_enterprisehitachi ucosminexus application server enterpriseeq06_72_b
hitachi:cosminexus_application_server_standardhitachi cosminexus application server standardeq06_50_f
hitachi:ucosminexus_application_server_enterprisehitachi ucosminexus application server enterpriseeq06_70_b
hitachi:ucosminexus_application_server_standardhitachi ucosminexus application server standardeq07_10
hitachi:ucosminexus_application_server_standardhitachi ucosminexus application server standardeq06_70
hitachi:electronic_form_workflow_-professional_library_sethitachi electronic form workflow -professional library seteq07_00_b

CPE	Name	Operator	Version
hitachi:ucosminexus_application_server_standard	hitachi ucosminexus application server standard	eq	06_70_b
hitachi:ucosminexus_application_server_standard	hitachi ucosminexus application server standard	eq	06_70_d
hitachi:ucosminexus_service_platform	hitachi ucosminexus service platform	eq	07_00
hitachi:cosminexus_application_server_enterprise	hitachi cosminexus application server enterprise	eq	06_50
hitachi:ucosminexus_application_server_enterprise	hitachi ucosminexus application server enterprise	eq	06_72_b
hitachi:cosminexus_application_server_standard	hitachi cosminexus application server standard	eq	06_50_f
hitachi:ucosminexus_application_server_enterprise	hitachi ucosminexus application server enterprise	eq	06_70_b
hitachi:ucosminexus_application_server_standard	hitachi ucosminexus application server standard	eq	07_10
hitachi:ucosminexus_application_server_standard	hitachi ucosminexus application server standard	eq	06_70
hitachi:electronic_form_workflow_-professional_library_set	hitachi electronic form workflow -professional library set	eq	07_00_b

Rows per page:

1-10 of 591

References

osvdb.org/37855

secunia.com/advisories/26589

www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html

www.securityfocus.com/bid/25434

exchange.xforce.ibmcloud.com/vulnerabilities/36245

7.3 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2007-4564

prion1