15 matches found
CVE-2009-2713
Sun Java System Access Manager 7.0 (2005Q4) and 7.1 with Cross Domain Single Sign On enabled is affected by CVE-2009-2713. The issue is that the CDCServlet component does not ensure policy advice is presented to the correct client, enabling potential information disclosure via unspecified vectors...
CVE-2010-4444
CVE-2010-4444 affects Oracle Sun Java System Access Manager and Oracle OpenSSO versions 7, 7.1, and 8. The connected documents describe an unspecified vulnerability that could impact confidentiality, integrity, and availability via unknown vectors, with a CVSSv2 base score of 6.8 (network access,...
CVE-2008-2945
Technical details for CVE-2008-2945 are not provided in the connected documents; public disclosures and remediation are not covered here. Monitor for updates.
CVE-2009-2712
CVE-2009-2712 affects Sun Java System Access Manager (6.3/2005Q1, 7.0/2005Q4, 7.1) and OpenSSO/OpenSSO Enterprise 8.0. When AMConfig.properties enables the debug flag, local users can read debug files and discover cleartext passwords (information disclosure; confidentiality impact). Patch referen...
CVE-2006-0531
CVE-2006-0531 affects Sun Java System Access Manager 7.0. The vulnerability allows local users logged in as root to bypass authentication and gain top-level administrator privileges via the amadmin CLI. Remediation referenced in connected documents includes Sun patches 120954-12 and 120955-12 for...
CVE-2007-3700
CVE-2007-3700 affects Sun Java System Access Manager (formerly Java System Identity Server) prior to 20070710. When AMConfig.properties sets com.iplanet.services.debug.level to a debug value, the product logs cleartext login passwords to /var/opt/SUNWam/debug/amAuth, enabling a local user to read...
CVE-2009-0348
CVE-2009-0348 affects Sun Java System Access Manager: a difference in login module responsiveness during failed logins allows remote username enumeration. Versions implicated: 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1. The description does not specify an exploit or affected patch level beyond th...
CVE-2009-2268
CVE-2009-2268 affects Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 where the Cross-Domain Controller (CDC) servlet is vulnerable to cross-site scripting via unspecified vectors. The issue is evidenced in Nessus/Solaris patches that reference CVE-2009-2268 among related fixes (e.g., ...
CVE-2007-5153
Technical details about CVE-2007-5153 are not publicly available in the provided documents; affected products, impact, and remediation specifics are not disclosed. Monitor for updates from official sources.
CVE-2007-0628
CVE-2007-0628 concerns multiple XSS vulnerabilities in Sun Java System Access Manager versions 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) prior to 20070129. The flaws allow remote attackers to inject arbitrary web script or HTML through the goto or gx-charset parameters. The NVD entry lists a C...
CVE-2007-5152
CVE-2007-5152 affects Sun Java System Access Manager 7.1 when installed in a Sun Java System Application Server 9.1 container. The issue is that authentication is not required after a container restart, enabling remote attackers to perform administrative tasks. The vulnerability is evide...
CVE-2008-2705
Technical details about CVE-2008-2705 are not publicly available in the provided connected documents. Monitor for updates from official advisories; sources summarize an authentication bypass in Sun Java System Access Manager with DSEE, but specifics are not given.
CVE-2009-0170
Technical details about CVE-2009-0170 are not publicly available in the provided connected documents. Monitor for updates from vendors and advisories to determine affected products, impact, and fixes.
CVE-2009-0169
CVE-2009-0169 affects Sun Java System Access Manager 7.1. The vulnerability allows a remote authenticated sub-realm administrator to escalate privileges by creating the amadmin account in the sub-realm and then logging in as amadmin in the root realm. The available data confirms an in-realm privi...
CVE-2008-1204
CVE-2008-1204: XSS vulnerabilities in the Administration Console of Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script/HTML via unspecified vectors in the Help and Version windows. The NVD entry lists a base CVSS v2 score of 4.3 (Network attack v...