Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary | |
---|---|
Title | Sun Alert 243386 Multiple Security Vulnerabilities in Sun Java System Identity Manager |
Informations | |||
---|---|---|---|
Name | SUN-243386 | First vendor Publication | 2008-11-11 |
Vendor | Sun | Last vendor Modification | 2010-01-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Sun Java System Identity Manager 6.0, Sun Java System Identity Manager 7.0, Sun Java System Identity Manager 7.1 Sun Java System Identity Manager is affected by multiple securityvulnerabilities with varying impacts. Cross-site Scripting (XSS)vulnerabilities may allow a local or remote unprivileged user theability to execute unauthorized scripting code in a user's browser whenthat user clicks a link to Sun Java System Identity Manager. A certain vulnerability related to CSRF (Cross-site Request Forgery)may allow a local or remote unprivileged user to gain unauthorizedaccess to the Administrator account. A further vulnerability may allow a local or remote unprivileged user to gain unauthorized access to certain files on the IDM server's filesystem. In addition, two furthervulnerabilities may allow a local or remote unprivileged user toredirect the browser to unintended remote sites or to inject framescontaining data from unintended sites. Sun would like to acknowledge with thanks, Richard Brain, Adrian Pastor and Jan Fry ofProCheckup Ltd. for bringing two of these issues to our attention. State: Resolved First released: 11-Nov-2008 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_243386_multiple_security |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
25 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
25 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
49769 | Sun Java System Identity Manager Unspecified Arbitrary Frame Injection |
49768 | Sun Java System Identity Manager Unspecified Arbitrary Site Redirection |
49767 | Sun Java System Identity Manager /idm/includes/helpServer.jsp ext parameter A... |
49766 | Sun Java System Identity Manager Admin /idm/admin/changeself.jsp Update Passw... |
49765 | Sun Java System Identity Manager Unspecified XSS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-05-06 | Name : The remote web server contains an application that allows arbitrary file retr... File : sun_idm_ext_file_retrieval.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2013-02-06 19:08:19 |
|