Description
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.
References (6)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25145
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2725
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35706
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37852
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26250
Patch, Vendor Advisory x_refsource_confirm
http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html
Scores
EPSS: 0.0040
EPSS Percentile: 61.1%
Details
Status: published
Products (14)
hitachi/cosminexus_application_server
6 (2 CPE variants)
hitachi/cosminexus_collaboration_portal
hitachi/cosminexus_developer
6 (3 CPE variants)
hitachi/cosminexus_erp_integrator
hitachi/cosminexus_opentp1_web_front-end_set
hitachi/electronic_form_workflow
(3 CPE variants)
hitachi/groupmax_collaboration_portal
hitachi/ucosminexus_application_server
(2 CPE variants)
hitachi/ucosminexus_collaboration_portal
hitachi/ucosminexus_developer
(3 CPE variants)
... and 4 more
Published: Aug 01, 2007
Tracked Since: Feb 18, 2026