cvelistv5 - CVE-2007-4124

CVE-2007-4124

Vulnerability from cvelistv5

Published

2007-08-01 16:00

Modified

2024-08-07 14:46

Severity ?

Summary

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

References

URL	Tags
cve@mitre.org	http://osvdb.org/37852
cve@mitre.org	http://secunia.com/advisories/26250	Vendor Advisory
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/25145
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2725
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35706

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:38.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25145",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25145"
          },
          {
            "name": "ADV-2007-2725",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2725"
          },
          {
            "name": "hitachi-container-session-hijacking(35706)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
          },
          {
            "name": "37852",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37852"
          },
          {
            "name": "26250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26250"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25145",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25145"
        },
        {
          "name": "ADV-2007-2725",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2725"
        },
        {
          "name": "hitachi-container-session-hijacking(35706)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
        },
        {
          "name": "37852",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37852"
        },
        {
          "name": "26250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26250"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4124",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25145",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25145"
            },
            {
              "name": "ADV-2007-2725",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2725"
            },
            {
              "name": "hitachi-container-session-hijacking(35706)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
            },
            {
              "name": "37852",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37852"
            },
            {
              "name": "26250",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26250"
            },
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4124",
    "datePublished": "2007-08-01T16:00:00",
    "dateReserved": "2007-08-01T00:00:00",
    "dateUpdated": "2024-08-07T14:46:38.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4124\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-08-01T16:17:00.000\",\"lastModified\":\"2017-07-29T01:32:44.003\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n de recuperaci\u00f3n de sesi\u00f3n ante fallos en Cosminexus Component Container de Cosminexus 6, 6.7, y 7 anterior al 31/07/2007, como el usado en m\u00faltiples productos de Hitachi, puede utilizar informaci\u00f3n de la sesi\u00f3n para el usuario equivocado bajo ciertas condiciones no especificadas, lo cual podr\u00eda permitir a usuarios autenticados remotos obtener informaci\u00f3n sensible, corromper la informaci\u00f3n de sesi\u00f3n de otros usuarios, y posiblemente obtener privilegios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"336AC0E8-01DB-4D75-8F9F-E1673BE7883A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:*\",\"matchCriteriaId\":\"B2306ACE-7FC7-4B52-AAE8-436A606C5041\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA4E08A2-D531-4DE2-B449-48B8AA11F365\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*\",\"matchCriteriaId\":\"44328F8D-C3B7-45CD-B01D-69328275C5A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_developer:6:*:professional:*:*:*:*:*\",\"matchCriteriaId\":\"43EFBD4E-DC14-4142-8128-B4261431E8FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_developer:6:*:standard:*:*:*:*:*\",\"matchCriteriaId\":\"7A7BE1FF-7B19-4F3F-B02D-2AA27B38F088\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_erp_integrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84DD23A3-EC26-4805-BCCC-9F6B1EED60D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CACCCE63-723C-449B-9661-FCE9FA94DD65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*\",\"matchCriteriaId\":\"945C66CA-31DB-408D-BD4B-D023381F5DF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:electronic_form_workflow:*:*:professional_library_set:*:*:*:*:*\",\"matchCriteriaId\":\"424670C5-82C6-44E0-A3C0-4391F254E6BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:electronic_form_workflow:*:*:standard_set:*:*:*:*:*\",\"matchCriteriaId\":\"182C9BBE-DA39-412C-868A-CCDE7E4399CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:server:*:*:*:*:*\",\"matchCriteriaId\":\"3A8F4CE3-0710-4F68-B8C3-31B5F4E13BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"F374179A-7C0D-48B2-B0FF-39F5D4A7E37B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:standard:*:*:*:*:*\",\"matchCriteriaId\":\"272AD10C-E135-4EEE-8F48-E28CF5F7B3D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:server:*:*:*:*:*\",\"matchCriteriaId\":\"271FC231-03E1-4C99-B9F3-A8536503B71B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*\",\"matchCriteriaId\":\"8E2D80C1-773F-4C43-B990-2575782E619C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_developer:*:*:professional:*:*:*:*:*\",\"matchCriteriaId\":\"03011EFF-6C5F-40F2-BF6D-FE4DE0E6F552\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_developer:*:*:standard:*:*:*:*:*\",\"matchCriteriaId\":\"415BE30B-0222-4C2F-9791-273469DB5BED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_erp_integrator:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C963599-5B39-40A0-A834-E738164B3531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C564AA10-5286-4986-A580-61EC7A746352\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"354BD4CE-7B1A-4442-9F87-08CD70D9499E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72E63548-3AB3-4B78-AA2D-5B2AC7E06DD7\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37852\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26250\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/25145\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2725\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/35706\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

CVE-2007-4124

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity ?

() - -

Summary

Cosminexus Component Container Session Handling Vulnerability

Details

The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as aonther user's session data.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4124
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4124
	SECUNIA	http://secunia.com/advisories/26250
	BID	http://www.securityfocus.com/bid/25145
	XF	http://xforce.iss.net/xforce/xfdb/35706
	FRSIRT	http://www.frsirt.com/english/advisories/2007/2725

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server
	Hitachi, Ltd	Cosminexus Collaboration
	Hitachi, Ltd	Cosminexus Component Container
	Hitachi, Ltd	Cosminexus Developer
	Hitachi, Ltd	Cosminexus ERP Integrator
	Hitachi, Ltd	Cosminexus/OpenTP1
	Hitachi, Ltd	Electronic Form Workflow
	Hitachi, Ltd	Groupmax Collaboration
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Collaboration
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus ERP Integrator
	Hitachi, Ltd	uCosminexus/OpenTP1
	Hitachi, Ltd	uCosminexus Service

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001133.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user\u0027s session data to be used as aonther user\u0027s session data.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001133.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server",
      "@product": "Cosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_collaboration",
      "@product": "Cosminexus Collaboration",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_component_container",
      "@product": "Cosminexus Component Container",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer",
      "@product": "Cosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_erp_integrator",
      "@product": "Cosminexus ERP Integrator",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_opentp1",
      "@product": "Cosminexus/OpenTP1",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:electronic_form_workflow",
      "@product": "Electronic Form Workflow",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:groupmax_collaboration",
      "@product": "Groupmax Collaboration",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_collaboration",
      "@product": "uCosminexus Collaboration",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
      "@product": "uCosminexus ERP Integrator",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_opentp1",
      "@product": "uCosminexus/OpenTP1 ",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.9",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-001133",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4124",
      "@id": "CVE-2007-4124",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4124",
      "@id": "CVE-2007-4124",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/26250",
      "@id": "SA26250",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25145",
      "@id": "25145",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/35706",
      "@id": "35706",
      "@source": "XF"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/2725",
      "@id": "FrSIRT/ADV-2007-2725",
      "@source": "FRSIRT"
    }
  ],
  "title": "Cosminexus Component Container Session Handling Vulnerability"
}

gsd-2007-4124

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-4124

Aliases

CVE-2007-4124

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4124",
    "description": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges.",
    "id": "GSD-2007-4124"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4124"
      ],
      "details": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges.",
      "id": "GSD-2007-4124",
      "modified": "2023-12-13T01:21:37.139396Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4124",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "25145",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25145"
          },
          {
            "name": "ADV-2007-2725",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2725"
          },
          {
            "name": "hitachi-container-session-hijacking(35706)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
          },
          {
            "name": "37852",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37852"
          },
          {
            "name": "26250",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26250"
          },
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:standard_set:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:professional_library_set:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_erp_integrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_erp_integrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4124"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
            },
            {
              "name": "26250",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26250"
            },
            {
              "name": "25145",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25145"
            },
            {
              "name": "37852",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37852"
            },
            {
              "name": "ADV-2007-2725",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2725"
            },
            {
              "name": "hitachi-container-session-hijacking(35706)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-29T01:32Z",
      "publishedDate": "2007-08-01T16:17Z"
    }
  }
}

var-200708-0154

Vulnerability from variot

There is a vulnerability in Hitachi uCosminexus's session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data.

Details of the vulnerability are currently unknown.

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Download the free PSI BETA from the Secunia website: https://psi.secunia.com/

TITLE: Hitachi Products Cosminexus Component Container Improper Session Data Handling

SECUNIA ADVISORY ID: SA26250

VERIFY ADVISORY: http://secunia.com/advisories/26250/

CRITICAL: Less critical

IMPACT: Security Bypass, Exposure of sensitive information

WHERE:

From local network

SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ uCosminexus Service Platform http://secunia.com/product/13823/ uCosminexus Developer http://secunia.com/product/13820/ uCosminexus Service Architect http://secunia.com/product/13821/ Cosminexus 6.x http://secunia.com/product/5795/

DESCRIPTION: A security issue has been reported in Hitachi products, which potentially can be exploited by malicious users to gain knowledge of sensitive information or bypass certain security restrictions.

Please see the vendor's advisory for a list of affected products and versions.

SOLUTION: Please see the vendor's advisory for fix details.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200708-0154",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "hitachi",
        "version": "enterprise"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "hitachi",
        "version": "standard"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "hitachi",
        "version": "light"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "hitachi",
        "version": "standard"
      },
      {
        "model": "ucosminexus erp integrator",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "electronic form workflow",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "groupmax collaboration portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus collaboration portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus opentp1 web front-end set",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus erp integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus opentp1 web front-end set",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "ucosminexus erp integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus collaboration portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "enterprise version 6"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard version 6"
      },
      {
        "model": "cosminexus collaboration",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "server"
      },
      {
        "model": "cosminexus component container",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "light version 6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional version 6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard version 6"
      },
      {
        "model": "cosminexus erp integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus/opentp1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "web front-end set"
      },
      {
        "model": "electronic form workflow",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "developer client set"
      },
      {
        "model": "electronic form workflow",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional library set"
      },
      {
        "model": "electronic form workflow",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "standard set"
      },
      {
        "model": "groupmax collaboration",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "server"
      },
      {
        "model": "ucosminexus collaboration",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "server"
      },
      {
        "model": "ucosminexus service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "architect"
      },
      {
        "model": "ucosminexus service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "platform"
      },
      {
        "model": "ucosminexus/opentp1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "web front-end set"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": "ucosminexus application server standard 06-70-/b",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server standard 06-70-/a",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise 06-70-/b",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise 06-70-/a",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "06-70"
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus opentp1 web front-end set",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 0.6,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus collaboration portal",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "server"
      },
      {
        "model": "ucosminexus/opentp1 web front-end set",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus erp integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus developer professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus collaboration server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server standard version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "06-70"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server enterprise version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "ucosminexus application server enterprise )",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "09-80"
      },
      {
        "model": "groupmax collaboration server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "electronic form workflow standard set",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "electronic form workflow professional library set",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "electronic form workflow developer client set",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus/opentp1 web front-end set",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus erp integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus developer standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus developer professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus developer light",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus collaboration server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      },
      {
        "db": "BID",
        "id": "25145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:standard_set:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:server:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:professional_library_set:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:standard:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_erp_integrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_erp_integrator:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor disclosed this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "25145"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-4124",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2007-001133",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-4124",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2007-001133",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200708-002",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges. Hitachi uCosminexus is an application server system. \n\n\u00a0There is a vulnerability in Hitachi uCosminexus\u0027s session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data. \n\n\u00a0Details of the vulnerability are currently unknown. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Products Cosminexus Component Container Improper Session Data\nHandling\n\nSECUNIA ADVISORY ID:\nSA26250\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26250/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nuCosminexus Application Server\nhttp://secunia.com/product/13819/\nuCosminexus Service Platform\nhttp://secunia.com/product/13823/\nuCosminexus Developer\nhttp://secunia.com/product/13820/\nuCosminexus Service Architect\nhttp://secunia.com/product/13821/\nCosminexus 6.x\nhttp://secunia.com/product/5795/\n\nDESCRIPTION:\nA security issue has been reported in Hitachi products, which\npotentially can be exploited by malicious users to gain knowledge of\nsensitive information or bypass certain security restrictions. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for fix details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      },
      {
        "db": "BID",
        "id": "25145"
      },
      {
        "db": "PACKETSTORM",
        "id": "58201"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-4124",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "25145",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "26250",
        "trust": 2.6
      },
      {
        "db": "HITACHI",
        "id": "HS07-024",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-2725",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "37852",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "35706",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-4792",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "58201",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      },
      {
        "db": "BID",
        "id": "25145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "db": "PACKETSTORM",
        "id": "58201"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ]
  },
  "id": "VAR-200708-0154",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      }
    ],
    "trust": 0.8833333299999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:02:33.012000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS07-024",
        "trust": 0.8,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-024_e/index-e.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/26250"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/25145"
      },
      {
        "trust": 2.0,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-024_e/index-e.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/37852"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2007/2725"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/35706"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/2725"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4124"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4124"
      },
      {
        "trust": 0.3,
        "url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13823/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26250/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5795/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13820/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13821/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13819/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "db": "PACKETSTORM",
        "id": "58201"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      },
      {
        "db": "BID",
        "id": "25145"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "db": "PACKETSTORM",
        "id": "58201"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      },
      {
        "date": "2007-07-31T00:00:00",
        "db": "BID",
        "id": "25145"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "date": "2007-08-01T00:35:42",
        "db": "PACKETSTORM",
        "id": "58201"
      },
      {
        "date": "2007-08-01T16:17:00",
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "date": "2007-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-31T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-4792"
      },
      {
        "date": "2015-05-07T17:36:00",
        "db": "BID",
        "id": "25145"
      },
      {
        "date": "2008-05-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      },
      {
        "date": "2017-07-29T01:32:44.003000",
        "db": "NVD",
        "id": "CVE-2007-4124"
      },
      {
        "date": "2007-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cosminexus Component Container Session Handling Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-001133"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200708-002"
      }
    ],
    "trust": 0.6
  }
}

ghsa-hhp6-3f6p-xrjv

Vulnerability from github

Published

2022-05-01 18:20

Modified

2022-05-01 18:20

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4124"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-01T16:17:00Z",
    "severity": "MODERATE"
  },
  "details": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges.",
  "id": "GHSA-hhp6-3f6p-xrjv",
  "modified": "2022-05-01T18:20:24Z",
  "published": "2022-05-01T18:20:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4124"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37852"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26250"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25145"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2725"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-4124

Vulnerability from cvelistv5

CVE-2007-4124

Vulnerability from jvndb

gsd-2007-4124

Vulnerability from gsd

var-200708-0154

Vulnerability from variot

ghsa-hhp6-3f6p-xrjv

Vulnerability from github

Tags

Sightings

Nomenclature