Lucene search

K
cve[email protected]CVE-2008-0240
HistoryJan 11, 2008 - 10:46 p.m.

CVE-2008-0240

2008-01-1122:46:00
CWE-79
web.nvd.nist.gov
17
sun java
identity manager
frame injection
vulnerability
cve-2008-0240
nvd

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

79.1%

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka “frame injection.”

Affected configurations

NVD
Node
sunjava_system_identity_managerMatch6.0sp1
OR
sunjava_system_identity_managerMatch6.0sp2
OR
sunjava_system_identity_managerMatch6.0sp3
OR
sunjava_system_identity_managerMatch7.0
OR
sunjava_system_identity_managerMatch7.1

6.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

79.1%

Related for CVE-2008-0240