Lucene search
K
SunJava System Identity Manager

11 matches found

CVE
CVE
added 2009/03/25 3:0 p.m.58 views

CVE-2009-1076

CVE-2009-1076 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The end-user login flow based on a question, when used with IDMROOT/questionLogin.jsp?accountId=USER, reveals different responses depending on whether USER exists. This behavior enables remote attackers to enumerate val...

5CVSS6.9AI score0.0229EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.56 views

CVE-2009-1075

CVE-2009-1075 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue arises from how the system handles failed Forgot Password requests, returning different responses when an account exists versus when it does not. This behavior enables remote attackers to enumerate valid usernames, ex...

5CVSS6.9AI score0.02458EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.55 views

CVE-2009-1077

The CVE-2009-1077 entry concerns Sun Java System Identity Manager (IdM) 7.0–8.0. The admin Change My Password functionality fails to enforce the RequiresChallenge setting, enabling remote authenticated users to change other users’ passwords, demonstrated by altering the administrator account. Doc...

6.5CVSS6.5AI score0.02475EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.55 views

CVE-2009-1082

Sun Java System Identity Manager (IdM) 7.0–8.0 is affected by a privilege-escalation issue where remote authenticated users can submit crafted commands to the Admin Console to gain administrative privileges (e.g., account creation) via the saveNoValidate and related saveNoValidateAllowedFormsAndW...

9CVSS7.1AI score0.03441EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.54 views

CVE-2009-1081

CVE-2009-1081 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19595 and 19661). The connected documents do not provide concrete exploi...

4.3CVSS5.9AI score0.0197EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.52 views

CVE-2009-1074

CVE-2009-1074 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The issue is that SSL is not used in all expected circumstances, enabling remote attackers to potentially obtain sensitive information by sniffing network traffic. The description notes related factors such as lack of s...

5CVSS6.3AI score0.02458EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.49 views

CVE-2009-1078

CVE-2009-1078 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is that the product does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, allowing remote authenticated users to have an unspecified impact. The available co...

4CVSS6.6AI score0.01796EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.49 views

CVE-2009-1084

Sun Java System Identity Manager (IdM) versions 7.0–8.0 are affected by an access-control weakness in the System Configuration object that allows remote authenticated administrators, and possibly remote attackers, to modify the object with an unspecified impact. The root cause is improper restric...

6.4CVSS6.7AI score0.02563EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.48 views

CVE-2009-1080

CVE-2009-1080 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug ID 19033). Affected component: IdM web interfac...

4.3CVSS5.9AI score0.0197EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.48 views

CVE-2009-1083

The CVE concerns Sun Java System Identity Manager (IdM) 7.0–8.0 on Linux, AIX, Solaris, and HP-UX, where the password handling allows certain control characters that enable a remote attacker to execute arbitrary commands via vectors involving resource adapters. This mode provides concrete details...

9CVSS7.8AI score0.03682EPSS
CVE
CVE
added 2009/03/25 3:0 p.m.43 views

CVE-2009-1079

CVE-2009-1079 applies to Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19659, 19660, 19683). The affected softw...

4.3CVSS5.9AI score0.0197EPSS