Session Hijacking Vulnerability in Hitachi Cosminexus Component Container
CVE-2007-4124

Currently unrated

Key Information:

Vendor
Hitachi
Status
Ucosminexus Collaboration Portal
Cosminexus Opentp1 Web Front-end Set
Ucosminexus Erp Integrator
Cosminexus Developer
Vendor
CVE Published:
1 August 2007

Summary

The session failover function in the Cosminexus Component Container prior to the specified version can potentially expose session data to incorrect users under certain conditions. This vulnerability may allow unauthorized, remote authenticated users to access sensitive information, compromise another user's session data, and potentially escalate privileges. Organizations using affected Hitachi products should take immediate steps to mitigate the risk by applying the appropriate updates and reviewing their security practices.

References

http://www.securityfocus.com/bid/25145
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2007/2725
vdb-entryx_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/35706
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.