CVE-2007-4124

3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.4%

top 39.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hitachi Cosminexus Application Server Hitachi Cosminexus Developer

Timeline

PublishedAug 1

Latest updateMay 1

Description

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages2 packages

▶NVDhitachi/cosminexus_developer6

▶NVDhitachi/cosminexus_application_server6

Patches

Patch: www.hitachi-support.com ↗Patch: www.hitachi-support.com ↗

🔴Vulnerability Details

GHSA

GHSA-hhp6-3f6p-xrjv: The session failover function in Cosminexus Component Container in Cosminexus 6, 6↗2022-05-01

▶

CVEList

CVE-2007-4124: The session failover function in Cosminexus Component Container in Cosminexus 6, 6↗2007-08-01

▶