Design/Logic Flaw

2009-03-2515:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.

CPENameOperatorVersion
java_system_identity_managereq7.1.1
java_system_identity_managereq7.0
java_system_identity_managereq7.1
java_system_identity_managereq8.0

Name	Operator	Version
java_system_identity_manager	eq	7.1.1
java_system_identity_manager	eq	7.0
java_system_identity_manager	eq	7.1
java_system_identity_manager	eq	8.0

References

blogs.sun.com/security/entry/sun_alert_253267_sun_java

secunia.com/advisories/34380

securitytracker.com/id?1021881

sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

www.securityfocus.com/bid/34191

www.vupen.com/english/advisories/2009/0797

exchange.xforce.ibmcloud.com/vulnerabilities/49607