var-200708-0154
Vulnerability from variot
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. Hitachi uCosminexus is an application server system.
There is a vulnerability in Hitachi uCosminexus's session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data.
Details of the vulnerability are currently unknown.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: Hitachi Products Cosminexus Component Container Improper Session Data Handling
SECUNIA ADVISORY ID: SA26250
VERIFY ADVISORY: http://secunia.com/advisories/26250/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of sensitive information
WHERE:
From local network
SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ uCosminexus Service Platform http://secunia.com/product/13823/ uCosminexus Developer http://secunia.com/product/13820/ uCosminexus Service Architect http://secunia.com/product/13821/ Cosminexus 6.x http://secunia.com/product/5795/
DESCRIPTION: A security issue has been reported in Hitachi products, which potentially can be exploited by malicious users to gain knowledge of sensitive information or bypass certain security restrictions.
Please see the vendor's advisory for a list of affected products and versions.
SOLUTION: Please see the vendor's advisory for fix details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "enterprise"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus erp integrator",
"scope": null,
"trust": 1.4,
"vendor": "hitachi",
"version": null
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "6"
},
{
"model": "groupmax collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus opentp1 web front-end set",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus erp integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus opentp1 web front-end set",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus erp integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus erp integrator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus/opentp1",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web front-end set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "developer client set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional library set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard set"
},
{
"model": "groupmax collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"model": "ucosminexus/opentp1",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web front-end set"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "ucosminexus application server standard 06-70-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard 06-70-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise 06-70-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise 06-70-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-70"
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus opentp1 web front-end set",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus collaboration portal",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus/opentp1 web front-end set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus erp integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server standard version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server enterprise version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"model": "groupmax collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow standard set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow professional library set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow developer client set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus/opentp1 web front-end set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus erp integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:standard_set:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:professional:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer:6:*:standard:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:standard:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:electronic_form_workflow:*:*:professional_library_set:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:standard:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_erp_integrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_erp_integrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer:*:*:professional:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "25145"
}
],
"trust": 0.3
},
"cve": "CVE-2007-4124",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2007-001133",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-4124",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2007-001133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-002",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges. Hitachi uCosminexus is an application server system. \n\n\u00a0There is a vulnerability in Hitachi uCosminexus\u0027s session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data. \n\n\u00a0Details of the vulnerability are currently unknown. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Products Cosminexus Component Container Improper Session Data\nHandling\n\nSECUNIA ADVISORY ID:\nSA26250\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26250/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nuCosminexus Application Server\nhttp://secunia.com/product/13819/\nuCosminexus Service Platform\nhttp://secunia.com/product/13823/\nuCosminexus Developer\nhttp://secunia.com/product/13820/\nuCosminexus Service Architect\nhttp://secunia.com/product/13821/\nCosminexus 6.x\nhttp://secunia.com/product/5795/\n\nDESCRIPTION:\nA security issue has been reported in Hitachi products, which\npotentially can be exploited by malicious users to gain knowledge of\nsensitive information or bypass certain security restrictions. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for fix details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "PACKETSTORM",
"id": "58201"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4124",
"trust": 3.3
},
{
"db": "BID",
"id": "25145",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "26250",
"trust": 2.6
},
{
"db": "HITACHI",
"id": "HS07-024",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2007-2725",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "37852",
"trust": 1.6
},
{
"db": "XF",
"id": "35706",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-4792",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "58201",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
]
},
"id": "VAR-200708-0154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
}
],
"trust": 0.8833333299999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
}
]
},
"last_update_date": "2023-12-18T14:02:33.012000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS07-024",
"trust": 0.8,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-024_e/index-e.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/26250"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/25145"
},
{
"trust": 2.0,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-024_e/index-e.html"
},
{
"trust": 1.6,
"url": "http://osvdb.org/37852"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/2725"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/35706"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2725"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4124"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4124"
},
{
"trust": 0.3,
"url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13823/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26250/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5795/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13820/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13821/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13819/"
}
],
"sources": [
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"date": "2007-07-31T00:00:00",
"db": "BID",
"id": "25145"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"date": "2007-08-01T00:35:42",
"db": "PACKETSTORM",
"id": "58201"
},
{
"date": "2007-08-01T16:17:00",
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"date": "2007-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"date": "2015-05-07T17:36:00",
"db": "BID",
"id": "25145"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"date": "2017-07-29T01:32:44.003000",
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"date": "2007-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cosminexus Component Container Session Handling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.