Lucene search

K
cve[email protected]CVE-2009-1074
HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-1074

2022-10-0316:23:58
CWE-310
web.nvd.nist.gov
21
cve-2009-1074
sun java
identity manager
idm
ssl
network security
remote attack

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.9%

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to “ssl termination devices” and lack of support for relative URLs.

Affected configurations

NVD
Node
sunjava_system_identity_managerMatch7.0
OR
sunjava_system_identity_managerMatch7.1
OR
sunjava_system_identity_managerMatch7.1.1
OR
sunjava_system_identity_managerMatch8.0

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

69.9%

Related for CVE-2009-1074