Lucene search

K
cve[email protected]CVE-2009-1075
HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-1075

2022-10-0316:24:00
CWE-255
web.nvd.nist.gov
22
cve-2009-1075
sun java
identity manager
remote attack
user enumeration

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.9%

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Affected configurations

NVD
Node
sunjava_system_identity_managerMatch7.0
OR
sunjava_system_identity_managerMatch7.1
OR
sunjava_system_identity_managerMatch7.1.1
OR
sunjava_system_identity_managerMatch8.0

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.024 Low

EPSS

Percentile

89.9%

Related for CVE-2009-1075