cvelistv5 - cve-2007-4564

cve-2007-4564

Vulnerability from cvelistv5

Published

2007-08-28 01:00

Modified

2024-08-07 15:01

Severity

Summary

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.

References

Source	URL	Tags
cve@mitre.org	http://osvdb.org/37855
cve@mitre.org	http://secunia.com/advisories/26589	Patch, Vendor Advisory
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html
cve@mitre.org	http://www.securityfocus.com/bid/25434
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36245

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:01:09.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html"
          },
          {
            "name": "25434",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25434"
          },
          {
            "name": "37855",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37855"
          },
          {
            "name": "26589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26589"
          },
          {
            "name": "cosminexus-group-security-bypass(36245)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html"
        },
        {
          "name": "25434",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25434"
        },
        {
          "name": "37855",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37855"
        },
        {
          "name": "26589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26589"
        },
        {
          "name": "cosminexus-group-security-bypass(36245)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4564",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html"
            },
            {
              "name": "25434",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25434"
            },
            {
              "name": "37855",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37855"
            },
            {
              "name": "26589",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26589"
            },
            {
              "name": "cosminexus-group-security-bypass(36245)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4564",
    "datePublished": "2007-08-28T01:00:00",
    "dateReserved": "2007-08-27T00:00:00",
    "dateUpdated": "2024-08-07T15:01:09.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4564\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-08-28T01:17:00.000\",\"lastModified\":\"2017-07-29T01:33:00.897\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges.\"},{\"lang\":\"es\",\"value\":\"Cosminexus Manager en Cosminexus Application Server 07-00 y posteriores podr\u00edan asignar permisos de grupos de usuarios de forma incorrecta a procesos del servidor de l\u00f3gica de usuario, el cual permite a usuarios locales ganar privilegios.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"F7AA2F96-CF8B-47ED-87EA-75DF8D90E3AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"236D9E91-37DE-4D43-90A4-765800D76DBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"49F54B21-D9CF-41B7-88F9-C70261925B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"5D1C24CE-3B20-44B5-BE21-2FAD1CCC9EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"C9A0DB59-010E-4945-A6B1-694269838299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_b:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"90219723-B2D7-4E35-94E0-B12FF452AA99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"BE770156-FDF2-4818-A7F8-9062D7132CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c_1:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"74E73757-B69E-461D-B0BC-06FA6D321E5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c_1:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"13E1CC0C-4322-4F78-B24D-638AF7D7CD70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_e_1:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"662B20FF-8BB3-431E-A1DD-251A587B399E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_f:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"995EA2B9-DC6E-4393-BAFC-9A5550DE653A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"8C494CF0-A0AF-4435-B273-0A0754985640\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51_b_1:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"2B4131DA-3B12-459E-AE98-978FB496270C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51_c:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"1A137E25-6B8A-4861-8DEA-F19DCBDFD955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"6F823A2E-4D86-4C9B-ABDA-252B72FA0113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"F4511C24-ADD2-4DB6-A21C-25AEE1BCD9E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"FA466BD3-AD09-44FB-99AE-4D5F883C32F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"D4BEEF1B-27CE-476C-BDF7-1922D94D8BF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"AE9F2873-D1B8-40C5-BBE7-85D8875FAABD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_b:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"79422655-ECE2-41DD-8319-747B0DDF22CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"E5D936F5-A4BA-4303-8185-0E3B9DD21E98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c_1:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"8D272DC2-7A28-478D-B6F2-B0A6825A4E37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c_1:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"1AE1BC52-7D66-4156-A965-3392D0F25F97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_e_1:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"58D341DC-1558-42AD-A328-6ABE3DD4142E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_f:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"3BAB8404-E909-4DDD-9D1E-145FCDAB9C3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"456D38AB-D5B4-47C4-AA93-B82CD97CEBAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"A5A2201A-F2EF-4324-9D48-D11908E12261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51_b_1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"310697C7-2238-492A-BAD5-D9F7C3A568F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51_c:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"A5B8211D-EA3C-49BA-A37B-A6BFBBA00F8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:electronic_form_workflow_-_standard_set:07_00:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"7E107823-9EF7-4716-9C75-1BB0E3432CA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:electronic_form_workflow_-_standard_set:07_00_b:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"226CB6F1-1E01-40E5-97D9-5FD93EF74B94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:electronic_form_workflow_-professional_library_set:07_00:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"1D153999-0B49-4C8F-B949-3FDBCD67906C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:electronic_form_workflow_-professional_library_set:07_00_b:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"455233D1-131E-4384-857C-8165974DCA48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"18967E4A-3D79-49AD-97B1-EB4328949729\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"7E7A6668-41D5-4AF3-9A20-EEC00781F68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_a:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"D9DFC8FF-7618-42A6-A8DB-4D7A75DE5C3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_a:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"6E676236-8986-45F8-B720-84A5156B6DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"43BA2D74-289E-4201-8F4B-78E8E64CA358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"51A48F4D-6E53-4CD0-BEBA-8882393A7A73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"B55FE085-3CCD-4DF9-A2BD-F22FC4EF940A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"2D3E1E8D-D75F-49AB-B086-58EF334A084F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b_1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"982584F4-A3EA-4B71-B084-8A80927092CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_d:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"F60ED027-FD72-47F8-9230-DAEF1B218B1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_g:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"6B7B56A8-E705-4B9D-8763-EF281F875802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"D4B082D2-0E8C-4442-9E92-7867C0D3F1CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_b:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"7B06B22B-5DE0-4AD3-9056-80FE5D02EC13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_b:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"19B0E862-F36A-4419-B8AC-BB3B0B28A3BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_c:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"B7E09F38-1B66-404B-9E22-A1B2D1464AE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_1:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"26D40FE4-7956-4D87-9DA2-99E6F62B6525\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_b:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"F16F6336-42F5-4941-B700-73DAEDE83E7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_b:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"191D1364-D6F1-4778-B765-7AF0D18439BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_g:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"D363EB0D-F881-45ED-A3E0-1148BC648889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07-00-01:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"45A8B520-1678-47D2-8D1B-AB6BA818DBE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"F6FE70C8-749C-40A0-B087-14FDB6097CD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"2FE5D346-61E9-489B-9529-AA559E111DCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"E0E60F8E-0116-4215-8E52-1A663ECB834B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"4FAC97A3-04E7-425C-AD8F-B75838E975FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00_12:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"A5934C16-A21C-4275-89CA-B1287F8BAFE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"48E93BDB-BB6D-4D1C-B3DD-3518E045F753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"82648C13-1D91-4C4C-A17B-64BCC5A24147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"12382EE9-4D34-4724-9023-5F6C48944F4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"8453ECF8-9419-4AD3-9541-B362FA58E4E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"B0316DD8-E2EB-4953-96BC-894B87D6C815\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_1:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"01D417A7-FB2E-4813-AEF3-9F136AB8106B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_06:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"ED59C48E-BA08-4E29-BB01-9F22CC20D7C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_08:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"FE697045-8D42-43E0-8C98-7961E21E2B32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"673C833D-A7F8-4941-B7F9-AC17E67FB717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_a:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"E9E62188-DCA4-4749-A451-9A12E9F53B5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_a:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"569AC136-11EE-47A6-8150-F983768AE58B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"65CA666D-E597-45C2-9DBF-DD728B5480AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"5DEB6A9B-A029-4F70-95E7-16DD33D736E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"5F8C5DC3-CF27-4AED-B97B-03DFCD743746\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"39E1498C-6267-4266-B7E6-A1E70CF25A03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b_1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"CAA364D2-B6AB-4BEE-BBC6-D9C9BED57CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_c:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"A68736B4-66E3-45E4-9B3A-222E0F4463BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_d:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"A62CCAA4-8156-4E05-8A96-81558F478C59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_71:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"45D28BE6-DA8F-433B-84FA-35965A7C02A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_71_b:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"D0DF3D57-8E23-4293-883A-BDF555CA7048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_1:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"8C8743DB-CCA4-4519-847E-7FDA353026F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_b_1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"9BBE9283-5E06-4F2E-AA14-4B536C20AC61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_c:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"386B6C72-C5EF-47A0-B6F5-E0B50C042FEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_d:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"13509F94-3953-4E87-BBB5-02FA5EACC024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_g:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"B4B51A86-7C91-454D-8A71-6E652ACE948C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"1F7055A9-7A8A-4EB0-B202-220825B3FBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"4919D1DA-37C9-4C18-8F5B-C0BC6F6915D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"20ED59C6-CD06-4FE1-A484-A7E642F33AFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:solaris:*:*:*:*:*\",\"matchCriteriaId\":\"58266C54-32FE-4E5D-94A8-4291A87208EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00_1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"725FA408-39B0-4A14-946C-6BDAB6E0FE4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:hpux:*:*:*:*:*\",\"matchCriteriaId\":\"930CA326-7B3E-4C46-8DD1-CB17CD0CC5FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:hpux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"6511A0F9-6B01-49E1-8693-B6EC044DDB3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"0E5A504F-C4B1-44EC-A7AC-8690CF925B0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:linux_ipf:*:*:*:*:*\",\"matchCriteriaId\":\"84BE463B-0A3E-477C-B912-966625887D65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_service_platform:07_00:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"0CADDEE7-D529-4644-9A5F-6235AD072CCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_service_platform:07_10:*:aix:*:*:*:*:*\",\"matchCriteriaId\":\"1D1DAE56-DEA3-45C3-AFD7-1C40F6C62CA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_service_platform:07_10:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"CED6A3B7-F58D-47BE-81DB-59AC0DFC7F41\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/37855\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26589\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25434\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/36245\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

gsd-2007-4564

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.

Aliases

CVE-2007-4564

Aliases

CVE-2007-4564

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4564",
    "description": "Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges.",
    "id": "GSD-2007-4564"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4564"
      ],
      "details": "Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges.",
      "id": "GSD-2007-4564",
      "modified": "2023-12-13T01:21:36.901010Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4564",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html"
          },
          {
            "name": "25434",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25434"
          },
          {
            "name": "37855",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/37855"
          },
          {
            "name": "26589",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26589"
          },
          {
            "name": "cosminexus-group-security-bypass(36245)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c_1:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_e_1:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_f:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow_-professional_library_set:07_00:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow_-professional_library_set:07_00_b:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b_1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_1:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_b:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00_12:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_1:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b_1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_c:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_d:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_g:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_b:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51_c:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c_1:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c_1:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow_-_standard_set:07_00:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow_-_standard_set:07_00_b:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_b:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_c:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_06:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_08:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_b_1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_c:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c_1:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_e_1:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_d:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_g:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_b:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_g:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_a:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_a:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_d:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_71:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:hpux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:07_00:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:07_10:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_f:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51_b_1:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_b:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51_b_1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51_c:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_a:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_a:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_b:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07-00-01:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10:*:linux_ipf:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_71_b:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_1:*:hpux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00_1:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:07_10:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4564"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html"
            },
            {
              "name": "25434",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25434"
            },
            {
              "name": "26589",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26589"
            },
            {
              "name": "37855",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/37855"
            },
            {
              "name": "cosminexus-group-security-bypass(36245)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-08-28T01:17Z"
    }
  }
}

cve-2007-4564

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-05-21 00:00

Severity

() - -

Summary

Cosminexus Application Server Incorrect Group Permission Handling Vulnerability

Details

When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process.

References

Type	URL
CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4564
NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4564
SECUNIA	http://secunia.com/advisories/26589
BID	http://www.securityfocus.com/bid/25434
XF	http://xforce.iss.net/xforce/xfdb/36245
Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor	Product
Hitachi, Ltd	Cosminexus Application Server
Hitachi, Ltd	Electronic Form Workflow
Hitachi, Ltd	uCosminexus Application Server
Hitachi, Ltd	uCosminexus Service

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001091.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user\u0027s group permissions to an activated server process.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001091.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server",
      "@product": "Cosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:electronic_form_workflow",
      "@product": "Electronic Form Workflow",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.6",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-001091",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4564",
      "@id": "CVE-2007-4564",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4564",
      "@id": "CVE-2007-4564",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/26589",
      "@id": "SA26589",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25434",
      "@id": "25434",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/36245",
      "@id": "36245",
      "@source": "XF"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Cosminexus Application Server Incorrect Group Permission Handling Vulnerability"
}

ghsa-rwvw-fwqw-7f2x

Vulnerability from github

Published

2022-05-01 18:24

Modified

2022-05-01 18:24

Details

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4564"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-28T01:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user\u0027s group permissions to logical user server processes, which allows local users to gain privileges.",
  "id": "GHSA-rwvw-fwqw-7f2x",
  "modified": "2022-05-01T18:24:52Z",
  "published": "2022-05-01T18:24:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4564"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36245"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/37855"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26589"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25434"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2007-4564

Vulnerability from cvelistv5

gsd-2007-4564

Vulnerability from gsd

cve-2007-4564

Vulnerability from jvndb

ghsa-rwvw-fwqw-7f2x

Vulnerability from github

Tags