CVE-2009-2713

Sun Java System Access Manager 7.0 (2005Q4) and 7.1 with Cross Domain Single Sign On enabled is affected by CVE-2009-2713. The issue is that the CDCServlet component does not ensure policy advice is presented to the correct client, enabling potential information disclosure via unspecified vectors...

CVE-2009-2712

CVE-2009-2712 affects Sun Java System Access Manager (6.3/2005Q1, 7.0/2005Q4, 7.1) and OpenSSO/OpenSSO Enterprise 8.0. When AMConfig.properties enables the debug flag, local users can read debug files and discover cleartext passwords (information disclosure; confidentiality impact). Patch referen...

CVE-2009-2268

CVE-2009-2268 affects Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 where the Cross-Domain Controller (CDC) servlet is vulnerable to cross‑site scripting via unspecified vectors. The issue is evidenced in Nessus/Solaris patches that reference CVE-2009-2268 among related fixes (e.g., ...

CVE-2009-0170

Technical details about CVE-2009-0170 are not publicly available in the provided connected documents. Monitor for updates from vendors and advisories to determine affected products, impact, and fixes.

CVE-2008-1204

CVE-2008-1204: XSS vulnerabilities in the Administration Console of Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script/HTML via unspecified vectors in the Help and Version windows. The NVD entry lists a base CVSS v2 score of 4.3 (Network attack v...