(N/A)
INFORMATION
 Title | : | Sun Alert 243386 Multiple Security Vulnerabilities in Sun Java System Identity Manager | |||
| Name | : | SUN-243386 | First Publication | : | 2008-11-11 |
| Vendor | : | Sun | Last Modification | : | 2010-01-20 |
| Revision | : | N/A | |||
| Severity (Vendor) | : | N/A | |||
SECURITY-DATABASE SCORING CVSS v2
| Cvss Base Score | : | N/A | Attack Range | : | N/A |
| Cvss Impact Score | : | N/A | Attack Complexity | : | N/A |
| Cvss Expoit Score | : | N/A | Authentification | : | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||||
DETAIL
Product: Sun Java System Identity Manager 6.0, Sun Java System Identity Manager 7.0, Sun Java System Identity Manager 7.1
Sun Java System Identity Manager is affected by multiple securityvulnerabilities with varying impacts.
Cross-site Scripting (XSS)vulnerabilities may allow a local or remote unprivileged user theability to execute unauthorized scripting code in a user's browser whenthat user clicks a link to Sun Java System Identity Manager.
A certain vulnerability related to CSRF (Cross-site Request Forgery)may allow a local or remote unprivileged user to gain unauthorizedaccess to the Administrator account.
A further vulnerability may allow a local or remote unprivileged user to gain unauthorized access to certain files on the IDM server's filesystem.
In addition, two furthervulnerabilities may allow a local or remote unprivileged user toredirect the browser to unintended remote sites or to inject framescontaining data from unintended sites.
Sun would like to acknowledge with thanks, Richard Brain, Adrian Pastor and Jan Fry ofProCheckup Ltd. for bringing two of these issues to our attention.
State: Resolved
First released: 11-Nov-2008
ORIGINALSOURCES
Url : http://blogs.sun.com/security/entry/sun_alert_243386_multiple_security
