Java System Identity Manager Security Vulnerabilities and Issues — Java System Identity Manager CVE List

Lucene search

SunJava System Identity Manager

4 matches found

CVE•added 2009/03/25 3:30 p.m.•47 views

CVE-2009-1076

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5CVSS6.9AI score0.00687EPSS

CVE•added 2009/03/25 3:30 p.m.•40 views

CVE-2009-1074

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.

5CVSS6.3AI score0.0065EPSS

CVE•added 2009/03/25 3:30 p.m.•40 views

CVE-2009-1075

Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

5CVSS6.9AI score0.00575EPSS

CVE•added 2008/01/11 10:46 p.m.•39 views

CVE-2008-0241

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

5.8CVSS6.7AI score0.01952EPSS