Lucene search

[email protected]NVD:CVE-2009-1082

HistoryMar 25, 2009 - 3:30 p.m.

CVE-2009-1082

2009-03-2515:30:00

CWE-20

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.8%

JSON

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

Affected configurations

NVD

Node

sunjava_system_identity_managerMatch7.0

sunjava_system_identity_managerMatch7.1

sunjava_system_identity_managerMatch7.1.1

sunjava_system_identity_managerMatch8.0

References

blogs.sun.com/security/entry/sun_alert_253267_sun_java

secunia.com/advisories/34380

securitytracker.com/id?1021881

sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1

sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

www.securityfocus.com/bid/34191

www.vupen.com/english/advisories/2009/0797

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for NVD:CVE-2009-1082

cve1 cvelist1 prion1