Lucene search

[email protected]NVD:CVE-2009-1077

HistoryMar 25, 2009 - 3:30 p.m.

CVE-2009-1077

2009-03-2515:30:00

CWE-264

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator’s password.

Affected configurations

NVD

Node

sunjava_system_identity_managerMatch7.0

sunjava_system_identity_managerMatch7.1

sunjava_system_identity_managerMatch7.1.1

sunjava_system_identity_managerMatch8.0

References

blogs.sun.com/security/entry/sun_alert_253267_sun_java

secunia.com/advisories/34380

securitytracker.com/id?1021881

sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1

sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

www.securityfocus.com/bid/34191

www.vupen.com/english/advisories/2009/0797

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

Related for NVD:CVE-2009-1077

cvelist1 cve1 prion1