Summary
| Detail | |||
|---|---|---|---|
| Vendor | Sun | First view | 2007-10-01 |
| Product | Java System Access Manager | Last view | 2009-01-16 |
| Version | 7.1 | Type | Application |
| Update | * | ||
| Edition | solaris_x86 | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:sun:java_system_access_manager | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9 | 2009-01-16 | CVE-2009-0169 | Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. |
| 4.3 | 2008-03-07 | CVE-2008-1204 | Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. |
| 6.8 | 2007-10-01 | CVE-2007-5153 | Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. |
| 7.5 | 2007-10-01 | CVE-2007-5152 | Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-287 | Improper Authentication |
| 25% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 25% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 51382 | Sun Java System Access Manager Unspecified Privilege Escalation |
| 42612 | Sun Java System Access Manager Administration Console Version Window XSS |
| 42611 | Sun Java System Access Manager Administration Console Help Window XSS |
| 37758 | Sun Java System Access Manager Container Restart Authentication Bypass |
| 37757 | Sun Java System Access Manager Unspecified Remote Code Execution |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2009-T-0007 | Multiple Sun Java System Access Manager Vulnerabilities Severity: Category II - VMSKEY: V0018223 |
