Java System Identity Manager Security Vulnerabilities and Issues — Java System Identity Manager CVE List

Lucene search

SunJava System Identity Manager

3 matches found

CVE•added 2008/01/11 10:46 p.m.•39 views

CVE-2008-0239

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp...

4.3CVSS5.9AI score0.06358EPSS

CVE•added 2008/01/11 10:46 p.m.•39 views

CVE-2008-0241

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

5.8CVSS6.7AI score0.01952EPSS

CVE•added 2008/01/11 10:46 p.m.•32 views

CVE-2008-0240

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

4.3CVSS6.8AI score0.06197EPSS