CVE-2007-4564

Summary

CVE	CVE-2007-4564
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-08-28 01:17:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.

Risk And Classification

Primary CVSS: v2.0 4.6 from [email protected]

AV:L/AC:L/Au:N/C:P/I:P/A:P

Problem Types: CWE-264 | n/a

CVSS v2.0 Breakdown

Access Vector

Local

Access Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Hitachi	Cosminexus Application Server Enterprise	06_50	All	aix	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50	All	hpux	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50	All	linux	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50	All	linux_ipf	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50	All	solaris	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50_b	All	linux_ipf	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50_c	All	linux	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50_c_1	All	hpux_ipf	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50_c_1	All	solaris	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50_e_1	All	hpux	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_50_f	All	aix	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_51	All	linux_ipf	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_51_b_1	All	linux_ipf	All
Application	Hitachi	Cosminexus Application Server Enterprise	06_51_c	All	linux	All
Application	Hitachi	Cosminexus Application Server Standard	06_50	All	aix	All
Application	Hitachi	Cosminexus Application Server Standard	06_50	All	hpux	All
Application	Hitachi	Cosminexus Application Server Standard	06_50	All	hpux_ipf	All
Application	Hitachi	Cosminexus Application Server Standard	06_50	All	linux	All
Application	Hitachi	Cosminexus Application Server Standard	06_50	All	linux_ipf	All
Application	Hitachi	Cosminexus Application Server Standard	06_50_b	All	linux_ipf	All
Application	Hitachi	Cosminexus Application Server Standard	06_50_c	All	linux	All
Application	Hitachi	Cosminexus Application Server Standard	06_50_c_1	All	hpux_ipf	All
Application	Hitachi	Cosminexus Application Server Standard	06_50_c_1	All	solaris	All
Application	Hitachi	Cosminexus Application Server Standard	06_50_e_1	All	hpux	All
Application	Hitachi	Cosminexus Application Server Standard	06_50_f	All	aix	All
Application	Hitachi	Cosminexus Application Server Standard	06_51	All	linux	All
Application	Hitachi	Cosminexus Application Server Standard	06_51	All	linux_ipf	All
Application	Hitachi	Cosminexus Application Server Standard	06_51_b_1	All	linux	All
Application	Hitachi	Cosminexus Application Server Standard	06_51_c	All	linux	All
Application	Hitachi	Electronic Form Workflow -professional Library Set	07_00	All	linux	All
Application	Hitachi	Electronic Form Workflow -professional Library Set	07_00_b	All	linux	All
Application	Hitachi	Electronic Form Workflow - Standard Set	07_00	All	linux	All
Application	Hitachi	Electronic Form Workflow - Standard Set	07_00_b	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70	All	aix	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_a	All	aix	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_a	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_b	All	aix	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_b	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_b	All	linux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_b	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_b_1	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_d	All	aix	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_70_g	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_71	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_71_b	All	hpux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_71_b	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_71_c	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_72_1	All	hpux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_72_b	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_72_b	All	linux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	06_72_g	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07-00-01	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_00	All	aix	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_00	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_00	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_00	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_00_12	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10	All	aix	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10	All	hpux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10	All	linux	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10	All	linux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10_06	All	linux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10_08	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Enterprise	07_10_1	All	linux_ipf	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_a	All	aix	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_a	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_b	All	aix	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_b	All	hpux	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_b	All	linux_ipf	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_b	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_b_1	All	linux	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_c	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Standard	06_70_d	All	aix	All
Application	Hitachi	Ucosminexus Application Server Standard	06_71	All	linux	All
Application	Hitachi	Ucosminexus Application Server Standard	06_71_b	All	linux	All
Application	Hitachi	Ucosminexus Application Server Standard	06_72_1	All	hpux	All
Application	Hitachi	Ucosminexus Application Server Standard	06_72_b_1	All	linux	All
Application	Hitachi	Ucosminexus Application Server Standard	06_72_c	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Standard	06_72_d	All	aix	All
Application	Hitachi	Ucosminexus Application Server Standard	06_72_g	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Standard	07_00	All	aix	All
Application	Hitachi	Ucosminexus Application Server Standard	07_00	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Standard	07_00	All	linux	All
Application	Hitachi	Ucosminexus Application Server Standard	07_00	All	solaris	All
Application	Hitachi	Ucosminexus Application Server Standard	07_00_1	All	linux	All
Application	Hitachi	Ucosminexus Application Server Standard	07_10	All	hpux	All
Application	Hitachi	Ucosminexus Application Server Standard	07_10	All	hpux_ipf	All
Application	Hitachi	Ucosminexus Application Server Standard	07_10	All	linux	All
Application	Hitachi	Ucosminexus Application Server Standard	07_10	All	linux_ipf	All
Application	Hitachi	Ucosminexus Service Platform	07_00	All	linux	All
Application	Hitachi	Ucosminexus Service Platform	07_10	All	aix	All
Application	Hitachi	Ucosminexus Service Platform	07_10	All	linux	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
osvdb.org/37855	af854a3a-2127-422b-91ae-364da2661108	osvdb.org
Hitachi Cosminexus Application Server Multiple Unauthorized Access Weaknesses	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Patch, Vendor Advisory
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
Problem about Illegal Granting of Group Permissions in Cosminexus Application Server: Software Vulnerability Information: Software: Hitachi	af854a3a-2127-422b-91ae-364da2661108	www.hitachi-support.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.