CVE-2007-4564

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/37855
http://secunia.com/advisories/26589	Patch Vendor Advisory
http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html
http://www.securityfocus.com/bid/25434
https://exchange.xforce.ibmcloud.com/vulnerabilities/36245
http://osvdb.org/37855
http://secunia.com/advisories/26589	Patch Vendor Advisory
http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html
http://www.securityfocus.com/bid/25434
https://exchange.xforce.ibmcloud.com/vulnerabilities/36245

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50::aix:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50::hpux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50::linux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50::linux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50::solaris:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_b::linux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c::linux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c_1::hpux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_c_1::solaris:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_e_1::hpux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_50_f::aix:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51::linux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51_b_1::linux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:06_51_c::linux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50::aix:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50::hpux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50::hpux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50::linux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50::linux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_b::linux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c::linux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c_1::hpux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_c_1::solaris:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_e_1::hpux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_50_f::aix:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51::linux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51::linux_ipf:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51_b_1::linux:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_standard:06_51_c::linux:::::
	cpe:2.3:a:hitachi:electronic_form_workflow_-_standard_set:07_00::linux:::::
	cpe:2.3:a:hitachi:electronic_form_workflow_-_standard_set:07_00_b::linux:::::
	cpe:2.3:a:hitachi:electronic_form_workflow_-professional_library_set:07_00::linux:::::
	cpe:2.3:a:hitachi:electronic_form_workflow_-professional_library_set:07_00_b::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70::aix:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70::solaris:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_a::aix:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_a::solaris:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b::aix:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b::hpux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b::linux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b::solaris:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_b_1::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_d::aix:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_70_g::hpux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_b::hpux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_b::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_71_c::solaris:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_1::hpux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_b::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_b::linux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:06_72_g::hpux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07-00-01::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00::aix:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00::hpux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00::solaris:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_00_12::hpux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10::aix:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10::hpux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10::hpux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10::linux:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10::linux_ipf:::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_1::linux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_06::linux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:07_10_08::hpux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70::solaris:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_a::aix:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_a::solaris:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b::aix:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b::hpux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b::linux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b::solaris:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_b_1::linux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_c::solaris:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_70_d::aix:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_71::linux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_71_b::linux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_1::hpux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_b_1::linux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_c::solaris:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_d::aix:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:06_72_g::hpux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00::aix:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00::hpux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00::linux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00::solaris:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_00_1::linux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10::hpux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10::hpux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10::linux:::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:07_10::linux_ipf:::::
cpe:2.3:a:hitachi:ucosminexus_service_platform:07_00::linux:::::
cpe:2.3:a:hitachi:ucosminexus_service_platform:07_10::aix:::::
cpe:2.3:a:hitachi:ucosminexus_service_platform:07_10::linux:::::

History

21 Nov 2024, 00:35

Type	Values Removed	Values Added
References	~~() http://osvdb.org/37855 -~~	() http://osvdb.org/37855 -
References	~~() http://secunia.com/advisories/26589 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/26589 - Patch, Vendor Advisory
References	~~() http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html -~~	() http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html -
References	~~() http://www.securityfocus.com/bid/25434 -~~	() http://www.securityfocus.com/bid/25434 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/36245 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/36245 -

Information

Published : 2007-08-28 01:17

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4564

Mitre link : CVE-2007-4564

CVE.ORG link : CVE-2007-4564

JSON object : View

Products Affected

hitachi

cosminexus_application_server_standard
ucosminexus_application_server_enterprise
electronic_form_workflow_-professional_library_set
cosminexus_application_server_enterprise
ucosminexus_application_server_standard
ucosminexus_service_platform
electronic_form_workflow_-_standard_set

CWE

CWE-264

Permissions, Privileges, and Access Controls

4.6 /10