FKIE_CVE-2007-4124

Vulnerability from fkie_nvd - Published: 2007-08-01 16:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.
References
cve@mitre.orghttp://osvdb.org/37852
cve@mitre.orghttp://secunia.com/advisories/26250Vendor Advisory
cve@mitre.orghttp://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/25145
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/2725
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/35706
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37852
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26250Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25145
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2725
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/35706
Impacted products
Vendor Product Version
hitachi cosminexus_application_server 6
hitachi cosminexus_application_server 6
hitachi cosminexus_collaboration_portal *
hitachi cosminexus_developer 6
hitachi cosminexus_developer 6
hitachi cosminexus_developer 6
hitachi cosminexus_erp_integrator *
hitachi cosminexus_opentp1_web_front-end_set *
hitachi electronic_form_workflow *
hitachi electronic_form_workflow *
hitachi electronic_form_workflow *
hitachi groupmax_collaboration_portal *
hitachi ucosminexus_application_server *
hitachi ucosminexus_application_server *
hitachi ucosminexus_collaboration_portal *
hitachi ucosminexus_developer *
hitachi ucosminexus_developer *
hitachi ucosminexus_developer *
hitachi ucosminexus_erp_integrator *
hitachi ucosminexus_opentp1_web_front-end_set *
hitachi ucosminexus_service_architect *
hitachi ucosminexus_service_platform *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "336AC0E8-01DB-4D75-8F9F-E1673BE7883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:*",
              "matchCriteriaId": "B2306ACE-7FC7-4B52-AAE8-436A606C5041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E08A2-D531-4DE2-B449-48B8AA11F365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*",
              "matchCriteriaId": "44328F8D-C3B7-45CD-B01D-69328275C5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:professional:*:*:*:*:*",
              "matchCriteriaId": "43EFBD4E-DC14-4142-8128-B4261431E8FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:standard:*:*:*:*:*",
              "matchCriteriaId": "7A7BE1FF-7B19-4F3F-B02D-2AA27B38F088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_erp_integrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84DD23A3-EC26-4805-BCCC-9F6B1EED60D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CACCCE63-723C-449B-9661-FCE9FA94DD65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*",
              "matchCriteriaId": "945C66CA-31DB-408D-BD4B-D023381F5DF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:professional_library_set:*:*:*:*:*",
              "matchCriteriaId": "424670C5-82C6-44E0-A3C0-4391F254E6BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:standard_set:*:*:*:*:*",
              "matchCriteriaId": "182C9BBE-DA39-412C-868A-CCDE7E4399CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:server:*:*:*:*:*",
              "matchCriteriaId": "3A8F4CE3-0710-4F68-B8C3-31B5F4E13BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "F374179A-7C0D-48B2-B0FF-39F5D4A7E37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:standard:*:*:*:*:*",
              "matchCriteriaId": "272AD10C-E135-4EEE-8F48-E28CF5F7B3D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:server:*:*:*:*:*",
              "matchCriteriaId": "271FC231-03E1-4C99-B9F3-A8536503B71B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*",
              "matchCriteriaId": "8E2D80C1-773F-4C43-B990-2575782E619C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:professional:*:*:*:*:*",
              "matchCriteriaId": "03011EFF-6C5F-40F2-BF6D-FE4DE0E6F552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:standard:*:*:*:*:*",
              "matchCriteriaId": "415BE30B-0222-4C2F-9791-273469DB5BED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_erp_integrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C963599-5B39-40A0-A834-E738164B3531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C564AA10-5286-4986-A580-61EC7A746352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "354BD4CE-7B1A-4442-9F87-08CD70D9499E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E63548-3AB3-4B78-AA2D-5B2AC7E06DD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n de recuperaci\u00f3n de sesi\u00f3n ante fallos en Cosminexus Component Container de Cosminexus 6, 6.7, y 7 anterior al 31/07/2007, como el usado en m\u00faltiples productos de Hitachi, puede utilizar informaci\u00f3n de la sesi\u00f3n para el usuario equivocado bajo ciertas condiciones no especificadas, lo cual podr\u00eda permitir a usuarios autenticados remotos obtener informaci\u00f3n sensible, corromper la informaci\u00f3n de sesi\u00f3n de otros usuarios, y posiblemente obtener privilegios."
    }
  ],
  "id": "CVE-2007-4124",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-08-01T16:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37852"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26250"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25145"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2725"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37852"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.