CVE-2008-0240
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
79.1%
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka “frame injection.”
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun | java_system_identity_manager | 6.0 | cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:* |
| sun | java_system_identity_manager | 6.0 | cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:* |
| sun | java_system_identity_manager | 6.0 | cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:* |
| sun | java_system_identity_manager | 7.0 | cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:* |
| sun | java_system_identity_manager | 7.1 | cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:* |
References
secunia.com/advisories/28356
securityreason.com/securityalert/3535
sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1
www.procheckup.com/Vulnerability_PR07-10.php
www.securityfocus.com/archive/1/486076/100/0/threaded
www.securityfocus.com/bid/27214
www.vupen.com/english/advisories/2008/0089
exchange.xforce.ibmcloud.com/vulnerabilities/39586
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
79.1%