CVE-2007-4124

high

Description

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35706

http://www.vupen.com/english/advisories/2007/2725

http://www.securityfocus.com/bid/25145

http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html

http://secunia.com/advisories/26250

http://osvdb.org/37852

Details

Source: Mitre, NVD

Published: 2007-08-01

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00364