8 matches found
CVE-2008-5116
Sun Java System Identity Manager is affected by CVE-2008-5116 due to a failure to sanitize the ext parameter in idm/includes/helpServer.jsp. The issue allows unauthenticated remote attackers to perform directory traversal and read arbitrary files from the IDM server filesystem on affected version...
CVE-2008-5114
Sun Java System Identity Manager is affected by CVE-2008-5114, with multiple XSS vulnerabilities disclosed in versions 6.0 (including SP1-SP4), 7.0, and 7.1. The described issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Exploit details and exact affected com...
CVE-2008-5117
The CVE-2008-5117 entry concerns Sun Java System Identity Manager. Affected versions are 6.0 (including SP4), 7.0, and 7.1. The vulnerability is an open redirect in the Identity Manager web interfaces that can let remote attackers redirect users to arbitrary sites, enabling phishing-style abuse. ...
CVE-2008-5118
Sun Java System Identity Manager 6.0–6.0 SP4, 7.0, and 7.1 are affected by CVE-2008-5118, which enables remote attackers to inject frames from arbitrary sites and perform phishing via frame injection. The root cause is framed content handling that lacks proper validation, enabling cross-site fram...
CVE-2008-0239
The CVE-2008-0239 issue covers multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager versions 6.0 SP1–SP3, 7.0, and 7.1. The root cause is failure to sanitize user-supplied input in several JSP scripts, allowing remote, unauthenticated attackers to inject arbitra...
CVE-2008-0241
CVE-2008-0241 describes an open redirect vulnerability in Sun Java System Identity Manager’s login page. The affected products are Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1. The flaw is due to improper handling of the nextPage parameter in /idm/user/login.jsp, allowing re...
CVE-2008-5115
CVE-2008-5115 affects Sun Java System Identity Manager (versions 6.0 up to SP4, 7.0, 7.1). The vulnerability is a CSRF flaw in the update password functionality via /idm/admin/changeself.jsp, which could allow an unauthenticated attacker to hijack an administrator’s session and change the passwor...
CVE-2008-0240
Sun Java System Identity Manager (versions 6.0 SP1–SP3, 7.0, 7.1) is affected by a vulnerability in /idm/help/index.jsp where the helpUrl parameter can be abused to inject frames from arbitrary sites, enabling phishing-like framing attacks. This aligns with the public CVE-2008-0240 description of...