製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cosminexusにおける複数の脆弱性

Title	Cosminexusにおける複数の脆弱性
Summary	Cosminexus Component Containerに以下の脆弱性が存在します。 CVE-2025-48988, CVE-2025-48976 影響を受けるバージョンを下記に示しますので，対策版の適用をお願いします。なお，Servlet仕様のファイルアップロード機能を使用していない場合は発生しません。また本問題は，Cosminexus Component Containerを構成製品とする，日立製品にも該当します。 Cosminexus製品で影響を受けるバージョンを下記に示します。Cosminexus製品に含まれるCosminexus Component Containerのバージョン，及びCosminexus製品の対策バージョンについては，サポートサービス窓口へご相談願います。
Possible impacts	想定される影響については、ベンダ情報をご確認ください。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 27, 2026, midnight
Registration Date	Jan. 29, 2026, 10:21 a.m.
Last Update	Jan. 29, 2026, 10:21 a.m.

Affected System

日立

uCosminexus Application Server AIX 09-00 - 11-00-02

uCosminexus Application Server HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Application Server Linux 09-00 - 11-60

uCosminexus Application Server Windows 09-00 - 09-70-03

uCosminexus Application Server Windows(x64) 09-00 - 11-60-01

uCosminexus Application Server(64) AIX 09-00 - 11-00-02

uCosminexus Application Server(64) HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Application Server(64) Linux 09-00 - 11-60

uCosminexus Application Server(64) Windows 09-00 - 09-70-03

uCosminexus Application Server(64) Windows(x64) 09-00 - 11-60-01

uCosminexus Application Server-R AIX 09-00 - 11-00-02

uCosminexus Application Server-R HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Application Server-R Linux 09-00 - 11-60

uCosminexus Application Server-R Windows 09-00 - 09-70-03

uCosminexus Application Server-R Windows(x64) 09-00 - 11-60-01

uCosminexus Developer AIX 09-00 - 11-00-02

uCosminexus Developer HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Developer Linux 09-00 - 11-60

uCosminexus Developer Windows 09-00 - 09-70-03

uCosminexus Developer Windows(x64) 09-00 - 11-60-01

uCosminexus Primary Server Base AIX 09-00 - 11-00-02

uCosminexus Primary Server Base HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Primary Server Base Linux 09-00 - 11-60

uCosminexus Primary Server Base Windows 09-00 - 09-70-03

uCosminexus Primary Server Base Windows(x64) 09-00 - 11-60-01

uCosminexus Primary Server Base(64) AIX 09-00 - 11-00-02

uCosminexus Primary Server Base(64) HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Primary Server Base(64) Linux 09-00 - 11-60

uCosminexus Primary Server Base(64) Windows 09-00 - 09-70-03

uCosminexus Primary Server Base(64) Windows(x64) 09-00 - 11-60-01

uCosminexus Service Architect AIX 09-00 - 11-00-02

uCosminexus Service Architect HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Service Architect Linux 09-00 - 11-60

uCosminexus Service Architect Windows 09-00 - 09-70-03

uCosminexus Service Architect Windows(x64) 09-00 - 11-60-01

uCosminexus Service Platform AIX 09-00 - 11-00-02

uCosminexus Service Platform HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Service Platform Linux 09-00 - 11-60

uCosminexus Service Platform Windows 09-00 - 09-70-03

uCosminexus Service Platform Windows(x64) 09-00 - 11-60-01

uCosminexus Service Platform(64) AIX 09-00 - 11-00-02

uCosminexus Service Platform(64) HP-UX(IPF) 09-00 - 09-50-02

uCosminexus Service Platform(64) Linux 09-00 - 11-60

uCosminexus Service Platform(64) Windows 09-00 - 09-70-03

uCosminexus Service Platform(64) Windows(x64) 09-00 - 11-60-01

プログラミング環境 for Java AIX 09-00 - 11-00-02

プログラミング環境 for Java HP-UX(IPF) 09-00 - 09-50-02

プログラミング環境 for Java Linux 09-00 - 11-60

プログラミング環境 for Java Windows 09-00 - 09-70-03

プログラミング環境 for Java Windows(x64) 09-00 - 11-60-01

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2025-48976	https://www.cve.org/CVERecord?id=CVE-2025-48976
2	CVE-2025-48988	https://www.cve.org/CVERecord?id=CVE-2025-48988

ベンダー情報

No	Name	URL
ソフトウェア製品セキュリティ情報
1	hitachi-sec-2026-103	https://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2026-103/index.html

Change Log

No	Changed Details	Date of change
1	[2026年01月29日] 掲載	Jan. 29, 2026, 10:08 a.m.

NVD Vulnerability Information

CVE-2025-48976

Summary	Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.
Publication Date	June 17, 2025, 12:15 a.m.
Registration Date	June 17, 2025, 4 a.m.
Last Update	June 17, 2025, 11:15 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.openwall.com/lists/oss-security/2025/06/16/4
2	https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12

Common Vulnerabilities List

CVE-2025-48988

Summary	Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
Publication Date	June 17, 2025, 12:15 a.m.
Registration Date	June 17, 2025, 4 a.m.
Last Update	June 18, 2025, 4:15 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.openwall.com/lists/oss-security/2025/06/16/1
2	https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18

Common Vulnerabilities List