JVNDB-2007-001133
|
Cosminexus Component Container Session Handling Vulnerability
|
The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as another user's session data.
|
CVSS V2 Severity: Base Metrics 4.9 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None
|
|
Hitachi, Ltd
- Cosminexus Application Server Enterprise Version 6
- Cosminexus Application Server Standard Version 6
- Cosminexus Collaboration Server
- Cosminexus Component Container
- Cosminexus Developer Standard Version 6
- Cosminexus Developer Professional Version 6
- Cosminexus Developer Light Version 6
- Cosminexus ERP Integrator
- Cosminexus/OpenTP1 Web Front-end Set
- Groupmax Collaboration Server
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Standard
- uCosminexus Collaboration Server
- uCosminexus Developer Standard
- uCosminexus Developer Professional
- uCosminexus Developer Light
- uCosminexus ERP Integrator
- uCosminexus Service Platform
- uCosminexus Service Architect
- uCosminexus/OpenTP1 Web Front-end Set
- Electronic Form Workflow Standard Set
- Electronic Form Workflow Professional Library Set
- Electronic Form Workflow Developer Client Set
|
|
A remote attacker could gain unauthorized access to other users' sessions and obtain sensitive information.
|
Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
|
Hitachi, Ltd
- Hitachi Software Vulnerability Information : HS07-024
|
|
- CVE-2007-4124
|
- National Vulnerability Database (NVD) : CVE-2007-4124
- Secunia Advisory : SA26250
- SecurityFocus : 25145
- ISS X-Force Database : 35706
- FrSIRT Advisories : FrSIRT/ADV-2007-2725
|
- [2008/05/21]
Web page published
|