The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N
Vendors Products
Hitachi
  • Ucosminexus Erp Integrator
  • Electronic Form Workflow
  • Ucosminexus Service Architect
  • Cosminexus Collaboration Portal
  • Cosminexus Erp Integrator
  • Ucosminexus Application Server
  • Cosminexus Developer
  • Groupmax Collaboration Portal
  • Cosminexus Application Server
  • Cosminexus Opentp1 Web Front-end Set
  • Ucosminexus Developer
  • Ucosminexus Collaboration Portal
  • Ucosminexus Service Platform
  • Ucosminexus Opentp1 Web Front-end Set

Configuration 1 [-]

OR cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_developer:6:*:professional:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_developer:6:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_erp_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*
cpe:2.3:a:hitachi:electronic_form_workflow:*:*:professional_library_set:*:*:*:*:*
cpe:2.3:a:hitachi:electronic_form_workflow:*:*:standard_set:*:*:*:*:*
cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:server:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:server:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_developer:*:*:professional:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_developer:*:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_erp_integrator:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*
References
Link Resource
http://osvdb.org/37852
http://secunia.com/advisories/26250 Vendor Advisory
http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html Patch Vendor Advisory
http://www.securityfocus.com/bid/25145
http://www.vupen.com/english/advisories/2007/2725
https://exchange.xforce.ibmcloud.com/vulnerabilities/35706
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-01T16:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-08-01T00:00:00

Link: CVE-2007-4124

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2007-08-01T16:17:00.000

Modified: 2017-07-29T01:32:44.003

Link: CVE-2007-4124

JSON object: View

cve-icon Redhat Information

No data.

CWE