Information Exposure Vulnerability in Cosminexus Component Container


An information exposure vulnerability (CVE-2023-6814) exists in Cosminexus Component Container.

Affected products and versions are listed below. Please upgrade your version to the appropriate version.
These vulnerabilities exist in Cosminexus Component Container which is a component product of other Hitachi products.
For details about the fixed version about Cosminexus products, contact your Hitachi support service representative.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 5.6 (Medium) [Vendor Score]
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
Affected Products

Hitachi, Ltd
  • Cosminexus Component Container
  • uCosminexus Application Server
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Standard
  • uCosminexus Application Server Standard-R
  • uCosminexus Application Server(64)
  • uCosminexus Application Server-R
  • uCosminexus Developer
  • uCosminexus Developer Professional
  • uCosminexus Developer Professional for Plug-in
  • uCosminexus Developer Standard
  • uCosminexus Primary Server Base
  • uCosminexus Primary Server Base(64)
  • uCosminexus Service Architect
  • uCosminexus Service Platform
  • uCosminexus Service Platform(64)

Please refer to Vendor Information for more details.

Regarding the impact of the vulnerability, please refer to the vendor advisory.

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
CWE (What is CWE?)

  1. Information Exposure Through Log Files(CWE-532) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2023-6814

  1. National Vulnerability Database (NVD) : CVE-2023-6814
Revision History

  • [2024/03/13]
      Web page was published