CVE-2007-4124

Severity Score

4.9

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

La función de recuperación de sesión ante fallos en Cosminexus Component Container de Cosminexus 6, 6.7, y 7 anterior al 31/07/2007, como el usado en múltiples productos de Hitachi, puede utilizar información de la sesión para el usuario equivocado bajo ciertas condiciones no especificadas, lo cual podría permitir a usuarios autenticados remotos obtener información sensible, corromper la información de sesión de otros usuarios, y posiblemente obtener privilegios.

*Credits: N/A

CVSS Scores

NISTv2 4.9

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-08-01 CVE Reserved
2007-08-01 CVE Published
2024-07-12 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
http://osvdb.org/37852	Vdb Entry
http://www.securityfocus.com/bid/25145	Vdb Entry
http://www.vupen.com/english/advisories/2007/2725	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/35706	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html	2017-07-29

URL	Date	SRC
http://secunia.com/advisories/26250	2017-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hitachi Search vendor "Hitachi"		Cosminexus Application Server Search vendor "Hitachi" for product "Cosminexus Application Server"				6 Search vendor "Hitachi" for product "Cosminexus Application Server" and version "6"		enterprise		Affected
Hitachi Search vendor "Hitachi"		Cosminexus Application Server Search vendor "Hitachi" for product "Cosminexus Application Server"				6 Search vendor "Hitachi" for product "Cosminexus Application Server" and version "6"		standard		Affected
Hitachi Search vendor "Hitachi"		Cosminexus Collaboration Portal Search vendor "Hitachi" for product "Cosminexus Collaboration Portal"				*		-		Affected
Hitachi Search vendor "Hitachi"		Cosminexus Developer Search vendor "Hitachi" for product "Cosminexus Developer"				6 Search vendor "Hitachi" for product "Cosminexus Developer" and version "6"		light		Affected
Hitachi Search vendor "Hitachi"		Cosminexus Developer Search vendor "Hitachi" for product "Cosminexus Developer"				6 Search vendor "Hitachi" for product "Cosminexus Developer" and version "6"		professional		Affected
Hitachi Search vendor "Hitachi"		Cosminexus Developer Search vendor "Hitachi" for product "Cosminexus Developer"				6 Search vendor "Hitachi" for product "Cosminexus Developer" and version "6"		standard		Affected
Hitachi Search vendor "Hitachi"		Cosminexus Erp Integrator Search vendor "Hitachi" for product "Cosminexus Erp Integrator"				*		-		Affected
Hitachi Search vendor "Hitachi"		Cosminexus Opentp1 Web Front-end Set Search vendor "Hitachi" for product "Cosminexus Opentp1 Web Front-end Set"				*		-		Affected
Hitachi Search vendor "Hitachi"		Electronic Form Workflow Search vendor "Hitachi" for product "Electronic Form Workflow"				*		developer_client_set		Affected
Hitachi Search vendor "Hitachi"		Electronic Form Workflow Search vendor "Hitachi" for product "Electronic Form Workflow"				*		professional_library_set		Affected
Hitachi Search vendor "Hitachi"		Electronic Form Workflow Search vendor "Hitachi" for product "Electronic Form Workflow"				*		standard_set		Affected
Hitachi Search vendor "Hitachi"		Groupmax Collaboration Portal Search vendor "Hitachi" for product "Groupmax Collaboration Portal"				*		server		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Application Server Search vendor "Hitachi" for product "Ucosminexus Application Server"				*		enterprise		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Application Server Search vendor "Hitachi" for product "Ucosminexus Application Server"				*		standard		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Collaboration Portal Search vendor "Hitachi" for product "Ucosminexus Collaboration Portal"				*		server		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Developer Search vendor "Hitachi" for product "Ucosminexus Developer"				*		light		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Developer Search vendor "Hitachi" for product "Ucosminexus Developer"				*		professional		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Developer Search vendor "Hitachi" for product "Ucosminexus Developer"				*		standard		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Erp Integrator Search vendor "Hitachi" for product "Ucosminexus Erp Integrator"				*		-		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Opentp1 Web Front-end Set Search vendor "Hitachi" for product "Ucosminexus Opentp1 Web Front-end Set"				*		-		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Service Architect Search vendor "Hitachi" for product "Ucosminexus Service Architect"				*		-		Affected
Hitachi Search vendor "Hitachi"		Ucosminexus Service Platform Search vendor "Hitachi" for product "Ucosminexus Service Platform"				*		-		Affected