[Original text] Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.
Cosminexus Portal Framework contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an unspecified error occurs within the <ut:cache> tag library, causing a user's personal information held in the cache to be displayed to another user and resulting in a loss of confidentiality.
Upgrade to version HS04-006-01 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Edit the setup so that access to the portlet using the <ut:cache> tag library is forbidden. Please refer to the manual for the setup. When the above workaround is applied and the portlet of relevance has already been deployed on the portal by the end-user, the message "No permission for portlet" will appear on the portal and the portlet cannot be accessed. To enable access again, apply the fixed version, and then cancel the setup that forbids access to the portlet using the <ut:cache> tag library.