Design/Logic Flaw

2009-03-2515:30:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.8%

JSON

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

CPENameOperatorVersion
java_system_identity_managereq7.1.1
java_system_identity_managereq7.0
java_system_identity_managereq7.1
java_system_identity_managereq8.0

Name	Operator	Version
java_system_identity_manager	eq	7.1.1
java_system_identity_manager	eq	7.0
java_system_identity_manager	eq	7.1
java_system_identity_manager	eq	8.0

References

blogs.sun.com/security/entry/sun_alert_253267_sun_java

secunia.com/advisories/34380

securitytracker.com/id?1021881

sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1

sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

www.securityfocus.com/bid/34191

www.vupen.com/english/advisories/2009/0797