Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2008-5115
Last Modified: 07 Mar 2011 10:13:56
Published: 17 Nov 2008 07:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-5115

Summary

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

Vulnerable Systems

Application

  • Sun Java System Identity Manager 6.0

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1


References

SUNALERT - 243386

XF - sun-jsim-unspecified-csrf(46553)

VUPEN - ADV-2008-3128

SECTRACK - 1021170

BID - 32262

BUGTRAQ - 20081119 PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager

MISC - http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11

SECUNIA - 32606

OSVDB - 49766


Last Updated: 27 May 2016 10:48:42