4.9

CVE-2007-4124

EPSS 0.36%
Veröffentlicht 01.08.2007 16:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hitachi ≫ Cosminexus Application Server Version6 Editionenterprise

Hitachi ≫ Cosminexus Application Server Version6 Editionstandard

Hitachi ≫ Cosminexus Collaboration Portal

Hitachi ≫ Cosminexus Developer Version6 Editionlight

Hitachi ≫ Cosminexus Developer Version6 Editionprofessional

Hitachi ≫ Cosminexus Developer Version6 Editionstandard

Hitachi ≫ Cosminexus Erp Integrator

Hitachi ≫ Cosminexus Opentp1 Web Front-end Set

Hitachi ≫ Electronic Form Workflow Editiondeveloper_client_set

Hitachi ≫ Electronic Form Workflow Editionprofessional_library_set

Hitachi ≫ Electronic Form Workflow Editionstandard_set

Hitachi ≫ Groupmax Collaboration Portal Editionserver

Hitachi ≫ Ucosminexus Application Server Editionenterprise

Hitachi ≫ Ucosminexus Application Server Editionstandard

Hitachi ≫ Ucosminexus Collaboration Portal Editionserver

Hitachi ≫ Ucosminexus Developer Editionlight

Hitachi ≫ Ucosminexus Developer Editionprofessional

Hitachi ≫ Ucosminexus Developer Editionstandard

Hitachi ≫ Ucosminexus Erp Integrator

Hitachi ≫ Ucosminexus Opentp1 Web Front-end Set

Hitachi ≫ Ucosminexus Service Architect

Hitachi ≫ Ucosminexus Service Platform

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.554

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N

http://osvdb.org/37852

http://secunia.com/advisories/26250

Vendor Advisory

http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/25145

http://www.vupen.com/english/advisories/2007/2725

https://exchange.xforce.ibmcloud.com/vulnerabilities/35706

https://nvd.nist.gov/vuln/detail/CVE-2007-4124

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4124

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4124

EUVD