Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
osvdb.org/49766
secunia.com/advisories/32606
sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
www.securityfocus.com/archive/1/498479/100/0/threaded
www.securityfocus.com/bid/32262
www.securitytracker.com/id?1021170
www.vupen.com/english/advisories/2008/3128
exchange.xforce.ibmcloud.com/vulnerabilities/46553