Vulnerability description
Cosminexus Component Container, which is a component product of the following products, might use the session data of one user as the session data of another user:
- Cosminexus V7, V6.7
  - uCosminexus Application Server Enterprise
  - uCosminexus Application Server Standard
  - uCosminexus Service Platform
  - uCosminexus Developer Standard
  - uCosminexus Developer Professional
  - uCosminexus Developer Light
  - uCosminexus Service Architect
- Cosminexus V6
  - Cosminexus Application Server Enterprise Version 6
  - Cosminexus Application Server Standard Version 6
  - Cosminexus Developer Standard Version 6
  - Cosminexus Developer Professional Version 6
  - Cosminexus Developer Light Version 6
- Products containing Cosminexus
  - Electronic Form Workflow - Standard Set(*1)
  - Electronic Form Workflow - Professional Library Set(*1)
  - Electronic Form Workflow - Developer Client Set(*1)
  - uCosminexus ERP Integrator(*1)
  - Cosminexus ERP Integrator(*1)
  - uCosminexus Collaboration - Server(*1)
  - Cosminexus Collaboration - Server(*1)
  - Groupmax Collaboration - Server(*1)
  - uCosminexus/OpenTP1 Web Front-end Set(*1)
  - Cosminexus/OpenTP1 Web Front-end Set(*1)
The session failover function of Cosminexus Component Container might use the session data of another logged-in user, resulting in that user's information being leaked or overwritten.
This problem can occur if your system uses the session failover function. Affected products and versions are listed below. Please upgrade to the appropriate fixed version.
- *1: uCosminexus Application Server Standard and/or uCosminexus Developer Standard contained in these products are affected.
Fixed products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the fixed product.
Version:
- Platform
- Gives the fixed version, and release date.
Scheduled version:
- Platform
- Gives the fixed version scheduled to be released.
- Cosminexus V7
Product name: uCosminexus Application Server Enterprise
Product name: uCosminexus Application Server Standard
Product name: uCosminexus Service Platform
Product name: uCosminexus Developer Standard
Product name: uCosminexus Developer Professional
Product name: uCosminexus Service Architect
Fixed component product name(*3):
- Cosminexus Component Container
Fixed component product version(s)(*9):
- Windows
- 07-00-13 June 27, 2007
- 07-10-08 June 8, 2007
- Linux
- 07-00-13 July 2, 2007
- 07-10-08 June 8, 2007
- Linux(IPF)
- 07-10-08 June 14, 2007
- AIX
- 07-00-13 July 2, 2007
- 07-10-08 June 14, 2007
- HP-UX
- 07-10-08 June 1, 2007
- HP-UX(IPF)
- 07-00-13 July 2, 2007
- 07-10-08 June 1, 2007
- Solaris
- 07-00-13 July 2, 2007
- Cosminexus V6.7
Product name: uCosminexus Application Server Enterprise
Product name: uCosminexus Application Server Standard
Version(s):
- Windows
- 06-70-/D August 2, 2007
- 06-71-/D July 25, 2007
- Linux
- 06-70-/D August 3, 2007
- 06-71-/D July 26, 2007
- Linux(IPF)
- 06-70-/D August 30, 2007
- AIX
- 06-70-/G September 12, 2007
- HP-UX
- 06-70-/D November 1, 2007
- 06-72-/B October 15, 2007
- HP-UX(IPF)
- 06-70-/K October 1, 2007
- Solaris
- 06-70-/D September 20, 2007
Product name: uCosminexus Developer Standard
Product name: uCosminexus Developer Professional
Product name: uCosminexus Developer Light
Version(s):
- Windows
- 06-70-/D August 2, 2007
- 06-71-/D July 25, 2007
- Cosminexus V6
Product name: Cosminexus Application Server Enterprise Version 6
Product name: Cosminexus Application Server Standard Version 6
Version(s):
- AIX
- 06-50-/G June 21, 2007
- Products containing Cosminexus
Product name: Electronic Form Workflow - Standard Set
Product name: Electronic Form Workflow - Professional Library Set
Fixed component product name(*3)(*4)(*6):
- Cosminexus Component Container
- uCosminexus Application Server Standard
Fixed component product version(s)(*9):
- Windows
- 07-10-08 June 8, 2007
- 07-00-13 June 27, 2007
- Linux
- 07-10-08 June 8, 2007
- 07-00-13 July 2, 2007
Fixed component product version(s)(*10):
- Windows
- 06-71-/D July 25, 2007
Product name: Electronic Form Workflow - Developer Client Set
Fixed component product name(*3)(*5)(*7):
- Cosminexus Component Container
- uCosminexus Developer Light
Fixed component product version(s)(*9):
- Windows
- 07-10-08 June 8, 2007
- 07-00-13 June 27, 2007
Fixed component product version(s)(*11):
- Windows
- 06-71-/D July 25, 2007
Product name: uCosminexus ERP Integrator
Fixed component product name(*3)(*4)(*8):
- Cosminexus Component Container
- uCosminexus Application Server Standard
Fixed component product version(s)(*9):
- Windows
- 07-00-13 June 27, 2007
Fixed component product version(s)(*10):
- Windows
- 06-70-/D August 2, 2007
Product name: uCosminexus Collaboration - Server
Fixed component product name(*4):
- uCosminexus Application Server Standard
Fixed component product version(s)(*10):
- Windows
- 06-70-/D August 2, 2007
- 06-71-/D July 25, 2007
Product name: Groupmax Collaboration - Server
Fixed component product name(*4):
- uCosminexus Application Server Standard
Fixed component product version(s)(*10):
- Windows
- 06-70-/D August 2, 2007
- 06-71-/D July 25, 2007
Product name: uCosminexus/OpenTP1 Web Front-end Set
Fixed component product name(*4):
- uCosminexus Application Server Standard
Fixed component product version(s)(*10):
- Windows
- 06-70-/D August 2, 2007
For details on the fixed products, contact your Hitachi support service representative.
- *3: Cosminexus Component Container, which is a component product, has been fixed. Apply the fixed version of the component product.
- *4: uCosminexus Application Server Standard, which is a component product, has been fixed. Apply the fixed version of the component product.
- *5: uCosminexus Developer Light, which is a component product, has been fixed. Apply the fixed version of the component product.
- *6: If your Electronic Form Workflow version is 07-00-/B or later, apply the fixed version of Cosminexus Component Container. If your Electronic Form Workflow version is 06-70-/D, apply the fixed version of uCosminexus Application Server Standard.
- *7: If your Electronic Form Workflow version is 07-00-/B or later, apply the fixed version of Cosminexus Component Container. If your Electronic Form Workflow version is 06-70-/D, apply the fixed version of uCosminexus Developer Light.
- *8: If your uCosminexus ERP Integrator version is 02-00, apply the fixed version of Cosminexus Component Container. If your uCosminexus ERP Integrator version is 01-02, apply the fixed version of uCosminexus Application Server Standard.
- *9: These are the fixed versions of Cosminexus Component Container.
- *10: These are the fixed versions of uCosminexus Application Server Standard.
- *11: These are the fixed versions of uCosminexus Developer Light.