Lucene search
Sun Java System Identity Manager

8 matches found

CVE
added 2008/11/18 12:0 a.m., 64 views

CVE-2008-5116

Sun Java System Identity Manager is affected by CVE-2008-5116 due to a failure to sanitize the ext parameter in idm/includes/helpServer.jsp. The issue allows unauthenticated remote attackers to perform directory traversal and read arbitrary files from the IDM server filesystem on affected version...

7.8 CVSS, 6.7 AI score, 0.04034 EPSS
Web
CVE
added 2008/11/18 12:0 a.m., 62 views

CVE-2008-5114

Sun Java System Identity Manager is affected by CVE-2008-5114, with multiple XSS vulnerabilities disclosed in versions 6.0 (including SP1-SP4), 7.0, and 7.1. The described issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Exploit details and exact affected com...

4.3 CVSS, 5.8 AI score, 0.01953 EPSS
CVE
added 2008/11/18 12:0 a.m., 57 views

CVE-2008-5117

The CVE-2008-5117 entry concerns Sun Java System Identity Manager. Affected versions are 6.0 (including SP4), 7.0, and 7.1. The vulnerability is an open redirect in the Identity Manager web interfaces that can let remote attackers redirect users to arbitrary sites, enabling phishing-style abuse. ...

6.4 CVSS, 6.7 AI score, 0.02567 EPSS
CVE
added 2008/11/18 12:0 a.m., 57 views

CVE-2008-5118

Sun Java System Identity Manager 6.0–6.0 SP4, 7.0, and 7.1 are affected by CVE-2008-5118, which enables remote attackers to inject frames from arbitrary sites and perform phishing via frame injection. The root cause is framed content handling that lacks proper validation, enabling cross-site fram...

4.3 CVSS, 6.8 AI score, 0.01985 EPSS
CVE
added 2008/01/11 10:0 p.m., 52 views

CVE-2008-0239

The CVE-2008-0239 issue covers multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager versions 6.0 SP1–SP3, 7.0, and 7.1. The root cause is failure to sanitize user-supplied input in several JSP scripts, allowing remote, unauthenticated attackers to inject arbitra...

4.3 CVSS, 5.9 AI score, 0.05696 EPSS
Web
CVE
added 2008/01/11 10:0 p.m., 52 views

CVE-2008-0241

CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...

5.8 CVSS, 6.7 AI score, 0.02677 EPSS
Web
CVE
added 2008/11/18 12:0 a.m., 52 views

CVE-2008-5115

CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...

6.8 CVSS, 7.3 AI score, 0.03156 EPSS
Web
CVE
added 2008/01/11 10:0 p.m., 45 views

CVE-2008-0240

Sun Java System Identity Manager (versions 6.0 SP1–SP3, 7.0, 7.1) is affected by a vulnerability in /idm/help/index.jsp where the helpUrl parameter can be abused to inject frames from arbitrary sites, enabling phishing-like framing attacks. This aligns with the public CVE-2008-0240 description of...

4.3 CVSS, 6.8 AI score, 0.05836 EPSS
Web