Lucene search
K
SunJava System Identity Manager

4 matches found

CVE
CVE
added 2009/03/25 3:0 p.m.58 views

CVE-2009-1076

CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The end-user login flow based on a question, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...

5CVSS6.9AI score0.0229EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.56 views

CVE-2009-1075

CVE-2009-1075 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue arises from how the system handles failed Forgot Password requests, returning different responses when an account exists versus when it does not. This behavior enables remote attackers to enumerate valid usernames, ex...

5CVSS6.9AI score0.02458EPSS
CVE
CVE
added 2008/01/11 10:0 p.m.52 views

CVE-2008-0241

CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...

5.8CVSS6.7AI score0.02677EPSS
Web
CVE
CVE
added 2009/03/25 3:0 p.m.52 views

CVE-2009-1074

CVE-2009-1074 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The issue is that SSL is not used in all expected circumstances, enabling remote attackers to potentially obtain sensitive information by sniffing network traffic. The description notes related factors such as lack of s...

5CVSS6.3AI score0.02458EPSS