CVE-2007-4124

Currently unrated

Key Information:

Vendor: Hitachi
Status: Ucosminexus Collaboration Portal; Cosminexus Opentp1 Web Front-end Set; Ucosminexus Erp Integrator; Cosminexus Developer
Vendor: CVE Published:; 1 August 2007

Summary

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

References

http://www.securityfocus.com/bid/25145

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2007/2725

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/35706

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 1, 2007
Vulnerability Reserved
Aug 1, 2007