Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 253267 Sun Java System Identity Manager Security Vulnerabilities
Informations
Name SUN-253267 First vendor Publication 2009-03-19
Vendor Sun Last vendor Modification 2010-01-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Java System Identity Manager 7.0, Sun Java System Identity Manager 7.1, Sun Java System Identity Manager 8.0
State: Resolved
First released: 19-Mar-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

CWE : Common Weakness Enumeration

% Id Name
27 % CWE-264 Permissions, Privileges, and Access Controls
27 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
9 % CWE-310 Cryptographic Issues
9 % CWE-255 Credentials Management
9 % CWE-200 Information Exposure
9 % CWE-94 Failure to Control Generation of Code ('Code Injection')
9 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

Open Source Vulnerability Database (OSVDB)

Id Description
53163 Sun Java System Identity Manager Forgot Password Feature Account Enumeration

53162 Sun Java System Identity Manager Question-based Login Feature Account Enumera...

53161 Sun Java System Identity Manager Admin Interface Arbitrary User Password Modi...

53160 Sun Java System Identity Manager Unspecified Privilege Enforcement Weakness

53159 Sun Java System Identity Manager Multiple Unspecified XSS (19683)

53158 Sun Java System Identity Manager Multiple Unspecified XSS (19660)

53157 Sun Java System Identity Manager Multiple Unspecified XSS (19659)

53156 Sun Java System Identity Manager SSL Connection Fallback Weakness

53155 Sun Java System Identity Manager Multiple Unspecified XSS (19033)

53154 Sun Java System Identity Manager Multiple Unspecified XSS (19661)

53153 Sun Java System Identity Manager Multiple Unspecified XSS (19595)

53152 Sun Java System Identity Manager Admin Console Crafted Command Privilege Esca...

53151 Sun Java System Identity Manager Resource Adapters Password Control Character...

53150 Sun Java System Identity Manager System Configuration Object Access Restricti...

Nessus® Vulnerability Scanner

Date Description
2009-04-28 Name : The remote host is running a web application with information disclosure vuln...
File : sun_idm_acct_disclosure.nasl - Type : ACT_GATHER_INFO