Java System Access Manager@7.1 Security Vulnerabilities and Issues — Java System Access Manager@7.1 CVE List

Lucene search

SunJava System Access Manager7.1

11 matches found

CVE•added 2009/08/07 7:0 p.m.•60 views

CVE-2009-2713

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.

4.3CVSS5.9AI score0.00417EPSS

CVE•added 2008/06/30 10:41 p.m.•51 views

CVE-2008-2945

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715...

7.5CVSS7.2AI score0.06839EPSS

CVE•added 2009/07/01 1:0 p.m.•51 views

CVE-2009-2268

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2.6CVSS5.5AI score0.00245EPSS

CVE•added 2009/08/07 7:0 p.m.•46 views

CVE-2009-2712

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

2.1CVSS6AI score0.00057EPSS

CVE•added 2009/01/29 7:30 p.m.•45 views

CVE-2009-0348

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5CVSS6.4AI score0.08468EPSS

CVE•added 2007/10/01 5:17 a.m.•41 views

CVE-2007-5152

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.

7.5CVSS6.9AI score0.01807EPSS

CVE•added 2007/10/01 5:17 a.m.•40 views

CVE-2007-5153

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.

6.8CVSS7.7AI score0.03813EPSS

CVE•added 2009/01/16 9:30 p.m.•38 views

CVE-2009-0170

Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.

6CVSS6.2AI score0.00802EPSS

CVE•added 2008/06/16 6:41 p.m.•36 views

CVE-2008-2705

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.

9.3CVSS7AI score0.0035EPSS

CVE•added 2009/01/16 9:30 p.m.•34 views

CVE-2009-0169

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.

9CVSS6.8AI score0.01436EPSS

CVE•added 2008/03/08 12:44 a.m.•31 views

CVE-2008-1204

Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.

4.3CVSS5.8AI score0.00293EPSS