Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.0
CVE Id CVE-2009-1082
Last Modified 25 Mar 2009 12:00:00
Published 25 Mar 2009 11:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-1082

Summary

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

Vulnerable Systems

Application

  • Sun Java System Identity Manager 7.0

  • Sun Java System Identity Manager 7.1

  • Sun Java System Identity Manager 7.1.1

  • Sun Java System Identity Manager 8.0


References

BID - 34191

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1

VUPEN - ADV-2009-0797

SUNALERT - 253267

CONFIRM - http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

SECTRACK - 1021881

SECUNIA - 34380

CONFIRM - http://blogs.sun.com/security/entry/sun_alert_253267_sun_java


Last Updated: 27 May 2016 10:50:27