CVE-2007-4563

Description

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.

Affected products

• Hitachi / cosminexus_application_server_enterprise06_50 – 06_50
• Hitachi / cosminexus_application_server_enterprise06_50 – 06_50
• Hitachi / cosminexus_application_server_enterprise06_50_b – 06_50_b
• Hitachi / cosminexus_application_server_enterprise06_50_c – 06_50_c
• Hitachi / cosminexus_application_server_enterprise06_50_c_1 – 06_50_c_1
• Hitachi / cosminexus_application_server_enterprise06_50_c_1 – 06_50_c_1
• Hitachi / cosminexus_application_server_enterprise06_50_e_1 – 06_50_e_1
• Hitachi / cosminexus_application_server_enterprise06_50_f – 06_50_f
• Hitachi / cosminexus_application_server_enterprise06_51 – 06_51
• Hitachi / cosminexus_application_server_enterprise06_51_b_1 – 06_51_b_1
• Hitachi / cosminexus_application_server_enterprise06_50 – 06_50
• Hitachi / cosminexus_application_server_enterprise06_51_c – 06_51_c
• Hitachi / cosminexus_application_server_enterprise06_50 – 06_50
• Hitachi / cosminexus_application_server_enterprise06_50 – 06_50
• Hitachi / cosminexus_application_server_standard06_51_c – 06_51_c
• Hitachi / cosminexus_application_server_standard06_50 – 06_50
• Hitachi / cosminexus_application_server_standard06_50 – 06_50
• Hitachi / cosminexus_application_server_standard06_50 – 06_50
• Hitachi / cosminexus_application_server_standard06_50 – 06_50
• Hitachi / cosminexus_application_server_standard06_50 – 06_50
• Hitachi / cosminexus_application_server_standard06_50_b – 06_50_b
• Hitachi / cosminexus_application_server_standard06_50_c – 06_50_c
• Hitachi / cosminexus_application_server_standard06_50_c_1 – 06_50_c_1
• Hitachi / cosminexus_application_server_standard06_50_c_1 – 06_50_c_1
• Hitachi / cosminexus_application_server_standard06_50_e_1 – 06_50_e_1
• Hitachi / cosminexus_application_server_standard06_50_f – 06_50_f
• Hitachi / cosminexus_application_server_standard06_51 – 06_51
• Hitachi / cosminexus_application_server_standard06_51 – 06_51
• Hitachi / cosminexus_application_server_standard06_51_b_1 – 06_51_b_1
• Hitachi / electronic_form_workflow-professional_library_set07_00 – 07_00
• Hitachi / electronic_form_workflow-professional_library_set07_00_b – 07_00_b
• Hitachi / electronic_form_workflow-standard_set07_00 – 07_00
• Hitachi / electronic_form_workflow-standard_set07_00_b – 07_00_b
• Hitachi / ucosminexus_application_server_enterprise07_10 – 07_10
• Hitachi / ucosminexus_application_server_enterprise06_70 – 06_70
• Hitachi / ucosminexus_application_server_enterprise06_70 – 06_70
• Hitachi / ucosminexus_application_server_enterprise06_70_a – 06_70_a
• Hitachi / ucosminexus_application_server_enterprise06_70_a – 06_70_a
• Hitachi / ucosminexus_application_server_enterprise06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_enterprise06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_enterprise06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_enterprise06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_enterprise06_70_b_1 – 06_70_b_1
• Hitachi / ucosminexus_application_server_enterprise06_70_d – 06_70_d
• Hitachi / ucosminexus_application_server_enterprise06_70_g – 06_70_g
• Hitachi / ucosminexus_application_server_enterprise06_71 – 06_71
• Hitachi / ucosminexus_application_server_enterprise06_71_b – 06_71_b
• Hitachi / ucosminexus_application_server_enterprise06_71_b – 06_71_b
• Hitachi / ucosminexus_application_server_enterprise06_71_c – 06_71_c
• Hitachi / ucosminexus_application_server_enterprise06_72_1 – 06_72_1
• Hitachi / ucosminexus_application_server_enterprise06_72_b – 06_72_b
• Hitachi / ucosminexus_application_server_enterprise06_72_b – 06_72_b
• Hitachi / ucosminexus_application_server_enterprise06_72_g – 06_72_g
• Hitachi / ucosminexus_application_server_enterprise07-00-01 – 07-00-01
• Hitachi / ucosminexus_application_server_enterprise07_00 – 07_00
• Hitachi / ucosminexus_application_server_enterprise07_00 – 07_00
• Hitachi / ucosminexus_application_server_enterprise07_00 – 07_00
• Hitachi / ucosminexus_application_server_enterprise07_00 – 07_00
• Hitachi / ucosminexus_application_server_enterprise07_00_12 – 07_00_12
• Hitachi / ucosminexus_application_server_enterprise07_10 – 07_10
• Hitachi / ucosminexus_application_server_enterprise07_10 – 07_10
• Hitachi / ucosminexus_application_server_enterprise07_10 – 07_10
• Hitachi / ucosminexus_application_server_enterprise07_10 – 07_10
• Hitachi / ucosminexus_application_server_enterprise07_10_1 – 07_10_1
• Hitachi / ucosminexus_application_server_enterprise07_10_06 – 07_10_06
• Hitachi / ucosminexus_application_server_enterprise07_10_08 – 07_10_08
• Hitachi / ucosminexus_application_server_standard06_70 – 06_70
• Hitachi / ucosminexus_application_server_standard06_70_a – 06_70_a
• Hitachi / ucosminexus_application_server_standard06_70_a – 06_70_a
• Hitachi / ucosminexus_application_server_standard06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_standard06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_standard06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_standard06_70_b – 06_70_b
• Hitachi / ucosminexus_application_server_standard06_70_b_1 – 06_70_b_1
• Hitachi / ucosminexus_application_server_standard06_70_c – 06_70_c
• Hitachi / ucosminexus_application_server_standard06_70_d – 06_70_d
• Hitachi / ucosminexus_application_server_standard06_71 – 06_71
• Hitachi / ucosminexus_application_server_standard06_71_b – 06_71_b
• Hitachi / ucosminexus_application_server_standard06_72_1 – 06_72_1
• Hitachi / ucosminexus_application_server_standard06_72_b_1 – 06_72_b_1
• Hitachi / ucosminexus_application_server_standard06_72_c – 06_72_c
• Hitachi / ucosminexus_application_server_standard06_72_d – 06_72_d
• Hitachi / ucosminexus_application_server_standard06_72_g – 06_72_g
• Hitachi / ucosminexus_application_server_standard07_00 – 07_00
• Hitachi / ucosminexus_application_server_standard07_00 – 07_00
• Hitachi / ucosminexus_application_server_standard07_00 – 07_00
• Hitachi / ucosminexus_application_server_standard07_00 – 07_00
• Hitachi / ucosminexus_application_server_standard07_00_1 – 07_00_1
• Hitachi / ucosminexus_application_server_standard07_10 – 07_10
• Hitachi / ucosminexus_application_server_standard07_10 – 07_10
• Hitachi / ucosminexus_application_server_standard07_10 – 07_10
• Hitachi / ucosminexus_application_server_standard07_10 – 07_10
• Hitachi / ucosminexus_service_platform07_00 – 07_00
• Hitachi / ucosminexus_service_platform07_10 – 07_10
• Hitachi / ucosminexus_service_platform07_10 – 07_10

References

• MISChttp://osvdb.org/37854
• MISChttp://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html
• MISChttp://www.securityfocus.com/bid/25434
• VENDOR_ADVISORYhttp://secunia.com/advisories/26589
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/36245