CVE-2007-4564

CWE-2643 documents3 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 82.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hitachi Cosminexus Application Server Enterprise Hitachi Cosminexus Application Server Standard Hitachi Electronic Form Workflow - Standard SET +4 more

Timeline

PublishedAug 28

Latest updateMay 1

Description

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages5 packages

▶NVDhitachi/cosminexus_application9 versions+8

▶NVDhitachi/ucosminexus_application24 versions+23

▶NVDhitachi/ucosminexus_service_platform07_00, 07_10+1

▶NVDhitachi/electronic_form_workflow_-_standard_set07_00, 07_00_b+1

▶NVDhitachi/electronic_form_workflow_-professional_library_set07_00, 07_00_b+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-rwvw-fwqw-7f2x: Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes,↗2022-05-01

▶

CVEList

CVE-2007-4564: Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes,↗2007-08-28

▶