Unrated severityNVD Advisory· Published Aug 1, 2007· Updated Apr 23, 2026

CVE-2007-4124

Description

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

Affected products

Hitachi/Cosminexus Application Server2 versions
cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*+ 1 more
- cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:*
Hitachi/Cosminexus Collaboration Portal
cpe:2.3:a:hitachi:cosminexus_collaboration_portal:*:*:*:*:*:*:*:*
Hitachi/Cosminexus Developer3 versions
cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*+ 2 more
- cpe:2.3:a:hitachi:cosminexus_developer:6:*:light:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:6:*:professional:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:6:*:standard:*:*:*:*:*
Hitachi/Cosminexus ERP Integrator
cpe:2.3:a:hitachi:cosminexus_erp_integrator:*:*:*:*:*:*:*:*
Hitachi/Cosminexus Opentp1 Web Front End Set
cpe:2.3:a:hitachi:cosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*
Hitachi/Electronic Form Workflow3 versions
cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*+ 2 more
- cpe:2.3:a:hitachi:electronic_form_workflow:*:*:developer_client_set:*:*:*:*:*
- cpe:2.3:a:hitachi:electronic_form_workflow:*:*:professional_library_set:*:*:*:*:*
- cpe:2.3:a:hitachi:electronic_form_workflow:*:*:standard_set:*:*:*:*:*
Hitachi/Groupmax Collaboration Portal
cpe:2.3:a:hitachi:groupmax_collaboration_portal:*:*:server:*:*:*:*:*
Hitachi/Ucosminexus Application Server2 versions
cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*+ 1 more
- cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_application_server:*:*:standard:*:*:*:*:*
Hitachi/Ucosminexus Collaboration Portal
cpe:2.3:a:hitachi:ucosminexus_collaboration_portal:*:*:server:*:*:*:*:*
Hitachi/Ucosminexus Developer3 versions
cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*+ 2 more
- cpe:2.3:a:hitachi:ucosminexus_developer:*:*:light:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_developer:*:*:professional:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_developer:*:*:standard:*:*:*:*:*
Hitachi/Ucosminexus ERP Integrator
cpe:2.3:a:hitachi:ucosminexus_erp_integrator:*:*:*:*:*:*:*:*
Hitachi/Ucosminexus Opentp1 Web Front End Set
cpe:2.3:a:hitachi:ucosminexus_opentp1_web_front-end_set:*:*:*:*:*:*:*:*
Hitachi/Ucosminexus Service Architect
cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
Hitachi/Ucosminexus Service Platform
cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.htmlnvdPatchVendor Advisory
secunia.com/advisories/26250nvdVendor Advisory
osvdb.org/37852nvd
www.securityfocus.com/bid/25145nvd
www.vupen.com/english/advisories/2007/2725nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35706nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000