Vulnerability Name:

CVE-2007-4564 (CCN-36245)

Assigned: 2007-08-24
Published: 2007-08-24
Updated: 2017-07-29
Summary: Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Bypass Security
References:

Source: MITRE
Type: CNA
CVE-2007-4563

Source: MITRE
Type: CNA
CVE-2007-4564

Source: OSVDB
Type: UNKNOWN
37855

Source: CCN
Type: SA26589
Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions

Source: SECUNIA
Type: Patch, Vendor Advisory
26589

Source: CCN
Type: Hitachi Security Vulnerability Information HS07-025
Problem about Illegal Granting of Group Permissions in Cosminexus Application Server

Source: CONFIRM
Type: UNKNOWN
http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html

Source: CCN
Type: OSVDB ID: 37854
Hitachi Cosminexus Application Server Manager Logical J2EE Server Process Permission Weakness Privilege Escalation

Source: CCN
Type: OSVDB ID: 37855
Hitachi Cosminexus Application Server Manager Logical User Server Process Permission Weakness Privilege Escalation

Source: BID
Type: UNKNOWN
25434

Source: CCN
Type: BID-25434
Hitachi Cosminexus Application Server Multiple Unauthorized Access Weaknesses

Source: XF
Type: UNKNOWN
cosminexus-group-security-bypass(36245)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50_b:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50_c:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50_c_1:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50_c_1:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50_e_1:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_50_f:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_51:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_51_b_1:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_enterprise:06_51_c:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50_b:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50_c:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50_c_1:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50_c_1:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50_e_1:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_50_f:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_51:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_51:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_51_b_1:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:06_51_c:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:electronic_form_workflow_-_standard_set:07_00:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:electronic_form_workflow_-_standard_set:07_00_b:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:electronic_form_workflow_-professional_library_set:07_00:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:electronic_form_workflow_-professional_library_set:07_00_b:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_a:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_a:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_b:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_b_1:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_d:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_70_g:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_71:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_71_b:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_71_b:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_71_c:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_72_1:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_72_b:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_72_b:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:06_72_g:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07-00-01:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_00:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_00:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_00:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_00:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_00_12:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10_1:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10_06:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:07_10_08:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_a:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_a:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_b:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_b:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_b:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_b:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_b_1:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_c:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_70_d:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_71:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_71_b:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_72_1:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_72_b_1:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_72_c:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_72_d:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:06_72_g:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_00:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_00:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_00:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_00:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_00_1:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_10:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_10:*:hpux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_10:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:07_10:*:linux_ipf:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_service_platform:07_00:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_service_platform:07_10:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:ucosminexus_service_platform:07_10:*:linux:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:hitachi:cosminexus_application_server:6::standard:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server:6:-:enterprise:*:*:*:*:*

* Denotes that component is vulnerable