Vulnerability Description
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application. This is a different issue from CVE-2007-3794.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hitachi | Ucosminexus/Opentp1 Web Web Front-Endset | 02-70 |
| Hitachi | Ucosminexus Application Server | 06-70 |
| Hitachi | Ucosminexus Client | 06-70 |
| Hitachi | Ucosminexus Collaboration | 06-20 |
| Hitachi | Ucosminexus Developer | 6 |
| Hitachi | Ucosminexus Operator | 6.7 |
| Hitachi | Ucosminexus Service Architect | 6.7 |
| Hitachi | Ucosminexus Service Platform | 6.7 |
| Hitachi | Processing Kit For Xml | 01-00 |
| Hitachi | Ibm Xl C/C++ V7 For Aix & Hitachi Developer'S Kit For Java | 01-00 |
| Hitachi | Ibm Xl C/C++ V8 For Aix & Hitachi Developer'S Kit For Java | 01-00 |
| Hitachi | Groupmax Collaboration | 07-20 |
| Hitachi | Electronic Form Workflow Set | 07-50 |
| Hitachi | Electronic Form Workflow-Standard Set | 06-70 |
| Hitachi | Electronic Form Workflow-Professional Set | 07-50 |
| Hitachi | Electronic Form Workflow-Professional Library Set | 06-70 |
| Hitachi | Electronic Form Workflow-Developer Set | 07-50 |
| Hitachi | Electronic Form Workflow-Developer Client Set | 06-70 |
| Hitachi | Developer'S Kit For Java | All versions |
| Hitachi | Cosminexus/Opentp1 Web Web Front-Endset | 01-00 |
Related Weaknesses (CWE)
References
- http://osvdb.org/57834
- http://secunia.com/advisories/36622 (Vendor Advisory)
- http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-014/inde
- http://www.securityfocus.com/bid/36309
- http://www.vupen.com/english/advisories/2009/2574 (Vendor Advisory)
FAQ
What is CVE-2009-4776?
CVE-2009-4776 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++...
How severe is CVE-2009-4776?
CVE-2009-4776 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-4776?
Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Ucosminexus/Opentp1 Web Web Front-Endset, Hitachi Ucosminexus Application Server, Hitachi Ucosminexus Client, Hitachi Ucosminexus Collaboration, Hitachi Ucosminexus Developer.