Lucene search
K
SunJava System Identity Manager

4 matches found

CVE
CVE
added 2008/11/18 12:0 a.m.57 views

CVE-2008-5117

The CVE-2008-5117 entry concerns Sun Java System Identity Manager. Affected versions are 6.0 (including SP4), 7.0, and 7.1. The vulnerability is an open redirect in the Identity Manager web interfaces that can let remote attackers redirect users to arbitrary sites, enabling phishing-style abuse. ...

6.4CVSS6.7AI score0.02567EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.55 views

CVE-2009-1077

The CVE-2009-1077 entry concerns Sun Java System Identity Manager (IdM) 7.0–8.0. The admin Change My Password functionality fails to enforce the RequiresChallenge setting, enabling remote authenticated users to change other users’ passwords, demonstrated by altering the administrator account. Doc...

6.5CVSS6.5AI score0.02475EPSS
CVE
CVE
added 2008/11/18 12:0 a.m.52 views

CVE-2008-5115

CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...

6.8CVSS7.3AI score0.03156EPSS
Web
CVE
CVE
added 2009/03/25 3:0 p.m.51 views

CVE-2009-1084

Sun Java System Identity Manager (IdM) versions 7.0–8.0 are affected by an access-control weakness in the System Configuration object that allows remote authenticated administrators, and possibly remote attackers, to modify the object with an unspecified impact. The root cause is improper restric...

6.4CVSS6.7AI score0.02563EPSS