Default credentials
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1078
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact...
CVE-2009-1081
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...
CVE-2009-1083
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."...
CVE-2009-1084
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object...
CVE-2009-1075
CVE-2009-1075 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue arises from how the system handles failed Forgot Password requests, returning different responses when an account exists versus when it does not. This behavior enables remote attackers to enumerate valid usernames, ex...
CVE-2009-1084
Sun Java System Identity Manager (IdM) versions 7.0–8.0 are affected by an access-control weakness in the System Configuration object that allows remote authenticated administrators, and possibly remote attackers, to modify the object with an unspecified impact. The root cause is improper restric...
CVE-2009-1076
CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The end-user login flow based on a question, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...
CVE-2009-1077
The CVE-2009-1077 entry concerns Sun Java System Identity Manager (IdM) 7.0–8.0. The admin Change My Password functionality fails to enforce the RequiresChallenge setting, enabling remote authenticated users to change other users’ passwords, demonstrated by altering the administrator account. Doc...
CVE-2009-1079
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683...
CVE-2009-1074
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs...
CVE-2009-1081
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...
CVE-2009-1075
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
CVE-2009-1074
CVE-2009-1074 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The issue is that SSL is not used in all expected circumstances, enabling remote attackers to potentially obtain sensitive information by sniffing network traffic. The description notes related factors such as lack of s...
CVE-2009-1078
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact...
CVE-2009-1079
CVE-2009-1079 applies to Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19659, 19660, 19683). The affected softw...
CVE-2009-1080
CVE-2009-1080 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug ID 19033). Affected component: IdM web interfac...
CVE-2009-1078
CVE-2009-1078 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is that the product does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, allowing remote authenticated users to have an unspecified impact. The available co...
CVE-2009-1081
CVE-2009-1081 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19595 and 19661). The connected documents do not provide concrete exploi...