Hitachi uCosminexus Application Server Session Information Remote Unauthorized Access Vulnerability

Bugtraq ID:	23213
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 30 2007 12:00AM
Updated:	Jul 06 2007 03:07PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Hitachi uCosminexus Service Platform 0 Hitachi uCosminexus Service Architect 0 Hitachi uCosminexus ERP Integrator 0 Hitachi uCosminexus Developer Standard 0 Hitachi uCosminexus Developer Professional 0 Hitachi uCosminexus Application Server Standard 0 Hitachi uCosminexus Application Server Enterprise 09-80 (Windows(x64)) Hitachi Electronic Form Workflow Standard Set 0 Hitachi Electronic Form Workflow Professional Library Set 0 Hitachi Electronic Form Workflow Developer Client Set 0
Not Vulnerable:

Hitachi uCosminexus Application Server Session Information Remote Unauthorized Access Vulnerability

Hitachi uCosminexus Application Server is prone to an unauthorized-access vulnerability.

An attacker can exploit this issue to gain unauthorized access to session information.

This issue affects the Hitachi uCosminexus Application Server, which is included in various Hitachi applications.

Hitachi uCosminexus Application Server Session Information Remote Unauthorized Access Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Hitachi uCosminexus Application Server Session Information Remote Unauthorized Access Vulnerability

Solution:
The vendor released an advisory and fixes for this issue. Please see the referenced advisory for more information.

Hitachi uCosminexus Application Server Session Information Remote Unauthorized Access Vulnerability

References:

• Hitachi Device Manager Homepage ( Hitachi)
  
• HS07-006 - Problem with Session Information Processing of uCosminexus Applicatio (Hitachi)