This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Sun
Product: Java System Access Manager
Version: 7.1
Update: *
Edition: solaris_sparc
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2007-10-01
Last view: 2009-01-16
 
CPE Product cpe:2.3:a:sun:java_system_access_manager

Related : CVE

Score Date Alert Description
9 2009-01-16 CVE-2009-0169

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.

4.3 2008-03-07 CVE-2008-1204

Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.

6.8 2007-10-01 CVE-2007-5153

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.

7.5 2007-10-01 CVE-2007-5152

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.

CWE : Common Weakness Enumeration

% id Name
25% (1) CWE-287 Improper Authentication
25% (1) CWE-264 Permissions, Privileges, and Access Controls
25% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
25% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
51382 Sun Java System Access Manager Unspecified Privilege Escalation
42612 Sun Java System Access Manager Administration Console Version Window XSS
42611 Sun Java System Access Manager Administration Console Help Window XSS
37758 Sun Java System Access Manager Container Restart Authentication Bypass
37757 Sun Java System Access Manager Unspecified Remote Code Execution

Information Assurance Vulnerability Management (IAVM)

id Description
2009-T-0007 Multiple Sun Java System Access Manager Vulnerabilities
Severity: Category II - VMSKEY: V0018223