Java System Identity Manager Security Vulnerabilities and Issues — Java System Identity Manager CVE List

Lucene search

SunJava System Identity Manager

4 matches found

CVE•added 2008/11/18 12:30 a.m.•42 views

CVE-2008-5117

Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

6.4CVSS6.7AI score0.01256EPSS

CVE•added 2009/03/25 3:30 p.m.•41 views

CVE-2009-1077

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrat...

6.5CVSS6.5AI score0.01929EPSS

CVE•added 2009/03/25 3:30 p.m.•39 views

CVE-2009-1084

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.

6.4CVSS6.7AI score0.00672EPSS

CVE•added 2008/11/18 12:30 a.m.•36 views

CVE-2008-5115

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

6.8CVSS7.3AI score0.0068EPSS