Java System Access Manager Security Vulnerabilities and Issues — Java System Access Manager CVE List

Lucene search

SunJava System Access Manager

3 matches found

CVE•added 2009/01/29 7:30 p.m.•45 views

CVE-2009-0348

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5CVSS6.4AI score0.08468EPSS

CVE•added 2009/01/16 9:30 p.m.•38 views

CVE-2009-0170

Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.

6CVSS6.2AI score0.00802EPSS

CVE•added 2009/01/16 9:30 p.m.•34 views

CVE-2009-0169

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.

9CVSS6.8AI score0.01436EPSS