CVE-2008-5116
Sun Java System Identity Manager is affected by CVE-2008-5116 due to a failure to sanitize the ext parameter in idm/includes/helpServer.jsp. The issue allows unauthenticated remote attackers to perform directory traversal and read arbitrary files from the IDM server filesystem on affected version...
CVE-2008-5114
Sun Java System Identity Manager is affected by CVE-2008-5114, with multiple XSS vulnerabilities disclosed in versions 6.0 (including SP1-SP4), 7.0, and 7.1. The described issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Exploit details and exact affected com...
CVE-2009-1076
CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The question-based end-user login flow, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...
CVE-2008-5117
The CVE-2008-5117 entry concerns Sun Java System Identity Manager. Affected versions are 6.0 (including SP4), 7.0, and 7.1. The vulnerability is an open redirect in the Identity Manager web interfaces that can let remote attackers redirect users to arbitrary sites, enabling phishing-style abuse. ...
CVE-2009-1075
CVE-2009-1075 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue arises from how the system handles failed Forgot Password requests, returning different responses when an account exists versus when it does not. This behavior enables remote attackers to enumerate valid usernames, ex...
CVE-2008-5118
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 are affected by CVE-2008-5118, which enables remote attackers to inject frames from arbitrary sites and perform phishing via frame injection. The root cause is framed content handling that lacks proper validation, enabling cross-site fram...
CVE-2009-1082
Sun Java System Identity Manager (IdM) 7.0–8.0 is affected by a privilege-escalation issue where remote authenticated users can submit crafted commands to the Admin Console to gain administrative privileges (e.g., account creation) via the saveNoValidate and related saveNoValidateAllowedFormsAndW...
CVE-2009-1077
The CVE-2009-1077 entry concerns Sun Java System Identity Manager (IdM) 7.0–8.0. The admin Change My Password functionality fails to enforce the RequiresChallenge setting, enabling remote authenticated users to change other users’ passwords, demonstrated by altering the administrator account. Doc...
CVE-2009-1081
CVE-2009-1081 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19595 and 19661). The connected documents do not provide concrete exploi...
CVE-2008-0241
CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...
CVE-2008-0239
The CVE-2008-0239 issue covers multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager versions 6.0 SP1–SP3, 7.0, and 7.1. The root cause is failure to sanitize user-supplied input in several JSP scripts, allowing remote, unauthenticated attackers to inject arbitra...
CVE-2009-1074
CVE-2009-1074 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The issue is that SSL is not used in all expected circumstances, enabling remote attackers to potentially obtain sensitive information by sniffing network traffic. The description notes related factors such as lack of s...
CVE-2008-5115
CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...
CVE-2009-1084
Sun Java System Identity Manager (IdM) versions 7.0–8.0 are affected by an access-control weakness in the System Configuration object that allows remote authenticated administrators, and possibly remote attackers, to modify the object with an unspecified impact. The root cause is improper restric...
CVE-2009-1078
CVE-2009-1078 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is that the product does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, allowing remote authenticated users to have an unspecified impact. The available co...
CVE-2009-1080
CVE-2009-1080 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug ID 19033). Affected component: IdM web interfac...
CVE-2009-1083
The CVE concerns Sun Java System Identity Manager (IdM) 7.0–8.0 on Linux, AIX, Solaris, and HP-UX, where the password handling allows certain control characters that enable a remote attacker to execute arbitrary commands via vectors involving resource adapters. This mode provides concrete details...
CVE-2008-0240
Sun Java System Identity Manager (versions 6.0 SP1–SP3, 7.0, 7.1) is affected by a vulnerability in /idm/help/index.jsp where the helpUrl parameter can be abused to inject frames from arbitrary sites, enabling phishing-like framing attacks. This aligns with the public CVE-2008-0240 description of...
CVE-2009-1079
CVE-2009-1079 applies to Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19659, 19660, 19683). The affected softw...