CyberSec.Space Logo
Back to CVE Browser

CVE-2007-4124

MEDIUM
4.9
CVSS Severity Score
EPSS Score0.1410%
EPSS Percentile6.33th
PublishedAug 1, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

Affected Platforms (CPE)

πŸ“¦
Hitachi

Cosminexus Application Server

= 6
πŸ“¦
Hitachi

Cosminexus Application Server

= 6
πŸ“¦
Hitachi

Cosminexus Collaboration Portal

All versions
πŸ“¦
Hitachi

Cosminexus Developer

= 6
πŸ“¦
Hitachi

Cosminexus Developer

= 6
πŸ“¦
Hitachi

Cosminexus Developer

= 6
πŸ“¦
Hitachi

Cosminexus Erp Integrator

All versions
πŸ“¦
Hitachi

Cosminexus Opentp1 Web Front End Set

All versions
πŸ“¦
Hitachi

Electronic Form Workflow

All versions
πŸ“¦
Hitachi

Electronic Form Workflow

All versions
πŸ“¦
Hitachi

Electronic Form Workflow

All versions
πŸ“¦
Hitachi

Groupmax Collaboration Portal

All versions
πŸ“¦
Hitachi

Ucosminexus Application Server

All versions
πŸ“¦
Hitachi

Ucosminexus Application Server

All versions
πŸ“¦
Hitachi

Ucosminexus Collaboration Portal

All versions
πŸ“¦
Hitachi

Ucosminexus Developer

All versions
πŸ“¦
Hitachi

Ucosminexus Developer

All versions
πŸ“¦
Hitachi

Ucosminexus Developer

All versions
πŸ“¦
Hitachi

Ucosminexus Erp Integrator

All versions
πŸ“¦
Hitachi

Ucosminexus Opentp1 Web Front End Set

All versions
πŸ“¦
Hitachi

Ucosminexus Service Architect

All versions
πŸ“¦
Hitachi

Ucosminexus Service Platform

All versions

References & Advisories

πŸ”— http://osvdb.org/37852
πŸ”— http://secunia.com/advisories/26250
πŸ”— http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html
πŸ”— http://www.securityfocus.com/bid/25145
πŸ”— http://www.vupen.com/english/advisories/2007/2725
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/35706
πŸ”— http://osvdb.org/37852
πŸ”— http://secunia.com/advisories/26250

Related Vulnerabilities

CVE-2007-18545.0

Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in...

CVE-2007-45644.6

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical use...

CVE-2007-45634.4

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2E...

CVE-2005-31642.6

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server ...