Java System Identity Manager@6.0 Security Vulnerabilities and Issues — Java System Identity Manager@6.0 CVE List

Lucene search

SunJava System Identity Manager6.0

8 matches found

CVE•added 2008/11/18 12:30 a.m.•45 views

CVE-2008-5114

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00441EPSS

CVE•added 2008/11/18 12:30 a.m.•45 views

CVE-2008-5116

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.

7.8CVSS6.7AI score0.00724EPSS

CVE•added 2008/11/18 12:30 a.m.•42 views

CVE-2008-5117

Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.4CVSS6.7AI score0.01256EPSS

CVE•added 2008/11/18 12:30 a.m.•42 views

CVE-2008-5118

Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."

4.3CVSS6.8AI score0.00638EPSS

CVE•added 2008/01/11 10:46 p.m.•39 views

CVE-2008-0239

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp...

4.3CVSS5.9AI score0.06358EPSS

CVE•added 2008/01/11 10:46 p.m.•39 views

CVE-2008-0241

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

5.8CVSS6.7AI score0.01952EPSS

CVE•added 2008/11/18 12:30 a.m.•36 views

CVE-2008-5115

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

6.8CVSS7.3AI score0.0068EPSS

CVE•added 2008/01/11 10:46 p.m.•32 views

CVE-2008-0240

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

4.3CVSS6.8AI score0.06197EPSS