‫ Hitachi Multiple Cosminexus / uCosminexus Products Java Multiple Vulnerabilities

ID: IRCAD2015023727

Release Date: 2015-02-01

Criticality level: Highly critical

Software:

Cosminexus 6.x

Cosminexus 7.x

Cosminexus 8.x

Cosminexus 9.x

Cosminexus Application Server 5.x

Cosminexus Application Server 6.x

Cosminexus Client 6.x

Cosminexus Developer 5.x

Cosminexus Developer 6.x

Cosminexus Studio 5.x

uCosminexus Application Server

uCosminexus Client

uCosminexus Developer

uCosminexus Operator

uCosminexus Service Architect

uCosminexus Service Platform

Description:

Hitachi has acknowledged a security issue and multiple vulnerabilities in multiple Hitachi Cosminexus and uCosminexus products, which can be exploited by malicious, local users to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and perform certain actions with escalated privileges and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS, and compromise a user's system.

Please see the vendor's advisory for a list of affected products and versions.

Solution

Please contact your Hitachi support service representative concerning fixes for the products.

References:

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/./vuls/HS15-003/index.html

Secunia:

http://secunia.com/advisories/62553/