Vulnerability Description
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachi | Cosminexus Application Server | 6 |
| Hitachi | Cosminexus Collaboration Portal | All versions |
| Hitachi | Cosminexus Developer | 6 |
| Hitachi | Cosminexus Erp Integrator | All versions |
| Hitachi | Cosminexus Opentp1 Web Front-End Set | All versions |
| Hitachi | Electronic Form Workflow | All versions |
| Hitachi | Groupmax Collaboration Portal | All versions |
| Hitachi | Ucosminexus Application Server | All versions |
| Hitachi | Ucosminexus Collaboration Portal | All versions |
| Hitachi | Ucosminexus Developer | All versions |
| Hitachi | Ucosminexus Erp Integrator | All versions |
| Hitachi | Ucosminexus Opentp1 Web Front-End Set | All versions |
| Hitachi | Ucosminexus Service Architect | All versions |
| Hitachi | Ucosminexus Service Platform | All versions |
References
- http://osvdb.org/37852
- http://secunia.com/advisories/26250Vendor Advisory
- http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/25145
- http://www.vupen.com/english/advisories/2007/2725
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35706
- http://osvdb.org/37852
- http://secunia.com/advisories/26250Vendor Advisory
- http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/25145
- http://www.vupen.com/english/advisories/2007/2725
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35706
FAQ
What is CVE-2007-4124?
CVE-2007-4124 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspeci...
How severe is CVE-2007-4124?
CVE-2007-4124 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4124?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Cosminexus Application Server, Hitachi Cosminexus Collaboration Portal, Hitachi Cosminexus Developer, Hitachi Cosminexus Erp Integrator, Hitachi Cosminexus Opentp1 Web Front-End Set.