CVE-2007-4563

CWE-2643 documents3 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 82.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hitachi Cosminexus Application Server Enterprise Hitachi Cosminexus Application Server Standard Hitachi Electronic Form Workflow - Standard SET +4 more

Timeline

PublishedAug 28

Latest updateMay 1

Description

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages5 packages

▶NVDhitachi/cosminexus_application9 versions+8

▶NVDhitachi/ucosminexus_application24 versions+23

▶NVDhitachi/ucosminexus_service_platform07_00, 07_10+1

▶NVDhitachi/electronic_form_workflow_-_standard_set07_00, 07_00_b+1

▶NVDhitachi/electronic_form_workflow_-professional_library_set07_00, 07_00_b+1

Patches

Patch: secunia.com ↗Patch: www.hitachi-support.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mcrw-xhqq-57vc: Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes,↗2022-05-01

▶

CVEList

CVE-2007-4563: Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes,↗2007-08-28

▶