Summary
Detail | | | |
---|---|---|---|
Vendor | Sun | First view | 2007-10-01 |
Product | Java System Access Manager | Last view | 2009-01-16 |
Version | 7.1 | Type | Application |
Update | * | | |
Edition | solaris_x86 | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:sun:java_system_access_manager | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9 | 2009-01-16 | CVE-2009-0169 | Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. |
4.3 | 2008-03-07 | CVE-2008-1204 | Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. |
6.8 | 2007-10-01 | CVE-2007-5153 | Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. |
7.5 | 2007-10-01 | CVE-2007-5152 | Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (1) | CWE-287 | Improper Authentication |
25% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
25% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
51382 | Sun Java System Access Manager Unspecified Privilege Escalation |
42612 | Sun Java System Access Manager Administration Console Version Window XSS |
42611 | Sun Java System Access Manager Administration Console Help Window XSS |
37758 | Sun Java System Access Manager Container Restart Authentication Bypass |
37757 | Sun Java System Access Manager Unspecified Remote Code Execution |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2009-T-0007 | Multiple Sun Java System Access Manager Vulnerabilities Severity: Category II - VMSKEY: V0018223 |