INFORMATION

Title : Sun Alert 243386 Multiple Security Vulnerabilities in Sun Java System Identity Manager
 
Name : SUN-243386 First Publication : 2008-11-11
Vendor : Sun Last Modification : 2008-11-11
Revision : N/A
Severity (Vendor) : N/A

DETAIL

Product: Sun Java System Identity Manager 6.0 Sun Java System Identity Manager 6.0 SP1 Sun Java System Identity Manager 6.0 SP2 Sun Java System Identity Manager 6.0 SP3 Sun Java System Identity Manager 6.0 SP4 Sun Java System Identity Manager 7.0 Sun Java System Identity Manager 7.1

Sun Java System Identity Manager is affected by multiple security vulnerabilities with varying impacts.??

Cross-site Scripting (XSS) vulnerabilities may allow a local or remote unprivileged user the ability to execute unauthorized scripting code in a user's browser when that user clicks a link to Sun Java System Identity Manager.

A certain vulnerability related to CSRF (Cross-site Request Forgery) may allow a local or remote unprivileged user to gain unauthorized access to the Administrator account.

A further vulnerability may allow a local or remote unprivileged user to gain unauthorized access to certain files on the IDM server's filesystem.

In addition, two further vulnerabilities may allow a local or remote unprivileged user to redirect the browser to unintended remote sites or to inject frames containing data from unintended sites.

Sun would like to acknowledge with thanks, Richard Brain, Adrian Pastor and Jan Fry of ProCheckup Ltd. for bringing two of these issues to our attention.

State: Resolved
First released: 11-Nov-2008
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-243386-1


ORIGINALSOURCES

Url : http://blogs.sun.com/security/entry/sun_alert_243386_multiple_security