PT-2007-5326 · Hitachi · Cosminexus Component Container
Published: 2007-08-01 · Updated: 2017-07-29 · CVE-2007-4124
CVSS v2.0: 4.9 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Cosminexus versions prior to 20070731
Cosminexus Component Container in Cosminexus 6
Cosminexus Component Container in Cosminexus 6.7
Cosminexus Component Container in Cosminexus 7
Description
The issue concerns the session failover function in Cosminexus Component Container. Under unspecified conditions, it can use session data for the wrong user. This might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.
Recommendations
For Cosminexus versions prior to 20070731, update to a version released after 20070731 to resolve the issue.
For Cosminexus 6, consider disabling the session failover function until a patch is available.
For Cosminexus 6.7, restrict access to sensitive information to minimize the risk of exploitation.
For Cosminexus 7, avoid using the session failover function in multi-user environments until the issue is resolved.
Fix
Related Identifiers
Affected Products
Cosminexus
Cosminexus Component Container