Search criteria
45 vulnerabilities found for java_system_access_manager by sun
FKIE_CVE-2010-4444
Vulnerability from fkie_nvd - Published: 2011-01-19 17:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:opensso:7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6E1CF9-9D92-47EF-B97F-046E6F3ACFE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:opensso:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "344C4046-9525-46D3-8AB1-B5431B317712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:opensso:8:*:*:*:*:*:*:*",
"matchCriteriaId": "E60B43C0-0AEC-4AC6-9E4A-8764FD6AB63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2402481-C481-4FB6-9415-2504B3B93F7E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Oracle Sun Java System Access Manager y Oracle OpenSSO v7, v7.1 y v8 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2010-4444",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-19T17:00:02.483",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "http://osvdb.org/70579"
},
{
"source": "secalert_us@oracle.com",
"url": "http://osvdb.org/70580"
},
{
"source": "secalert_us@oracle.com",
"url": "http://secunia.com/advisories/42986"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/45884"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"source": "secalert_us@oracle.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2713
Vulnerability from fkie_nvd - Published: 2009-08-07 19:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "8ED84EE5-2C53-4A8E-98B7-4F9181D4E192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "BF718ABC-42C7-4FE1-82A0-00F3506F1D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "F590A1DC-7E1B-44CF-83D2-3FEDA91765C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "28F24915-078C-4E4B-B173-671F0ABF9656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "CAABA44E-5FD1-4B71-A4DE-9DC671DD8223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "2A857F82-4146-48E9-8568-19393AC3856B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "B56B9BD3-2708-46C3-850D-865599F88BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "B6391170-5831-4303-85E5-A51BB431E788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "745D8651-B97C-48A9-AE4F-603A34516919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "B0617E1B-FE70-442E-AEE6-BACC8515F005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "D2BC5828-0EF1-4640-91BF-9CC1E5FC6243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "9096D748-9527-4061-8106-526741831F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "AD06B92E-C23C-4648-A585-14FC54538FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "4930E838-993A-4DA1-B504-4675EE20CF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "2D28C8EF-7525-48A0-A13A-EA95479A3B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "207157F9-0AE4-45FB-A3DC-90C1F6E5376E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "9E8B1333-125A-44F7-A6C3-4B04D3FC9A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "92BC8B61-3F58-43B3-9756-616376D4D2DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "B9D7AA3C-6565-4291-A76F-3BE9311B77F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "95ADB790-EF2D-4613-9F69-F37401518511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "9E64CD07-4AF7-49C4-A3C0-EE2BF9E067A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "D8C9CC43-EFB5-4192-81F2-0373961A7078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "479657F1-8950-4C6C-9CD2-5FE3DF235E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "6F238642-873A-4A50-BF14-6B173A20A36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "3DA96674-2050-4686-A592-F450655073E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "5382933D-E32D-47F5-8892-65B94E06BD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "644C3EA4-607C-42E7-805B-8F2EF6AF694E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*",
"matchCriteriaId": "B7821A43-2549-4B75-A201-95A3AC58E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*",
"matchCriteriaId": "72304F6F-83F9-4207-93D9-6886AD9E88A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "El componente CDCServlet en Sun Java System Access Manager v7.0 2005Q4 y v7.1, cuando Cross Domain Single Sign On (CDSSO) est\u00e1 habilitado, no garantiza que \"policy advice\" (aviso de pol\u00edticas) se presenta al cliente correcto, lo cual permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2009-2713",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-07T19:00:01.140",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36167"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35961"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2176"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2712
Vulnerability from fkie_nvd - Published: 2009-08-07 19:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "8ED84EE5-2C53-4A8E-98B7-4F9181D4E192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "BF718ABC-42C7-4FE1-82A0-00F3506F1D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "F590A1DC-7E1B-44CF-83D2-3FEDA91765C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "28F24915-078C-4E4B-B173-671F0ABF9656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "CAABA44E-5FD1-4B71-A4DE-9DC671DD8223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "2A857F82-4146-48E9-8568-19393AC3856B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "B56B9BD3-2708-46C3-850D-865599F88BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "B6391170-5831-4303-85E5-A51BB431E788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "745D8651-B97C-48A9-AE4F-603A34516919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "B0617E1B-FE70-442E-AEE6-BACC8515F005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "D2BC5828-0EF1-4640-91BF-9CC1E5FC6243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "9096D748-9527-4061-8106-526741831F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "AD06B92E-C23C-4648-A585-14FC54538FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "4930E838-993A-4DA1-B504-4675EE20CF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "2D28C8EF-7525-48A0-A13A-EA95479A3B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "207157F9-0AE4-45FB-A3DC-90C1F6E5376E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "9E8B1333-125A-44F7-A6C3-4B04D3FC9A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "92BC8B61-3F58-43B3-9756-616376D4D2DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "B9D7AA3C-6565-4291-A76F-3BE9311B77F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "95ADB790-EF2D-4613-9F69-F37401518511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "9E64CD07-4AF7-49C4-A3C0-EE2BF9E067A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "D8C9CC43-EFB5-4192-81F2-0373961A7078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "479657F1-8950-4C6C-9CD2-5FE3DF235E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "6F238642-873A-4A50-BF14-6B173A20A36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "3DA96674-2050-4686-A592-F450655073E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "5382933D-E32D-47F5-8892-65B94E06BD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "644C3EA4-607C-42E7-805B-8F2EF6AF694E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*",
"matchCriteriaId": "B7821A43-2549-4B75-A201-95A3AC58E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_web_server:7.0:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "134929FE-2EBA-4B55-904F-111A658160F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:war:*:*:*:*:*",
"matchCriteriaId": "72304F6F-83F9-4207-93D9-6886AD9E88A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:opensso_enterprise:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D05F3A1-C5F3-43CA-9150-17FE55A89A30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
},
{
"lang": "es",
"value": "Sun Java System Access Manager v6.3 2005Q1, v7.0 2005Q4, y v7.1; y OpenSSO Enterprise v8.0; cuando AMConfig.properties permite a la marca de depuraci\u00f3n, permite a los usuarios locales descubrir contrase\u00f1as en texto claro mediante la lectura de archivos de depuraci\u00f3n."
}
],
"id": "CVE-2009-2712",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-07T19:00:01.110",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/56815"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36169"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35963"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/2177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/56815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2177"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-2268
Vulnerability from fkie_nvd - Published: 2009-07-01 13:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6:*:*:*:*:*:*:*",
"matchCriteriaId": "51EDB8CC-FD50-468F-BF06-91F415E1532D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:linux:*:*:*:*:*",
"matchCriteriaId": "6FAE06D6-34FF-45CA-9CD9-841817E787FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "C45AE084-74CB-47C7-8103-EBDEE2C3A2F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "97A8B7AC-8343-4CDB-8757-12648D0C5B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "84B5BE3F-27E7-4B3B-BD7B-A614DA625A36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "3BE405DA-2ACF-4935-99D9-2E8940FBA279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "3566E0BB-A6B9-49A0-9B6C-918A1F11CE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "0A666DA6-E83C-4B37-913E-3FAD7B9EE4F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D88350FE-285D-4144-B7DC-5E1F8579CC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "2807FF5E-F638-4F08-B34C-4532C1BC9908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:linux:*:*:*:*:*",
"matchCriteriaId": "34B7F28D-CBA5-44F7-AE6E-5EEB0EAF63B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris10_x86:*:*:*:*:*",
"matchCriteriaId": "7A0F58C0-642D-4FC2-94B6-35D3CA936DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris9_x86:*:*:*:*:*",
"matchCriteriaId": "85E0C292-E453-4F14-915A-41AB7FBF21F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*",
"matchCriteriaId": "B7821A43-2549-4B75-A201-95A3AC58E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5B089E-62AC-44E5-9462-DC439C7AA8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "4CCDA95C-0EFF-4CF4-8CC6-EF110F0DAE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "28F24915-078C-4E4B-B173-671F0ABF9656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "AD06B92E-C23C-4648-A585-14FC54538FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "CAABA44E-5FD1-4B71-A4DE-9DC671DD8223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "4930E838-993A-4DA1-B504-4675EE20CF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "2A857F82-4146-48E9-8568-19393AC3856B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "2D28C8EF-7525-48A0-A13A-EA95479A3B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "B56B9BD3-2708-46C3-850D-865599F88BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "B6391170-5831-4303-85E5-A51BB431E788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "745D8651-B97C-48A9-AE4F-603A34516919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el Cross-Domain Controller (CDC) servlet en Sun Java System Access Manager v6 2005Q1, v7 2005Q4, y v7.1, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"evaluatorImpact": "Per: http://secunia.com/advisories/35651\r\n\r\n\"NOTE: This only affects Sun Java System Access Manager if Cross-Domain Single Sign-On (CDSSO) functionality is enabled.\"",
"id": "CVE-2009-2268",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-01T13:00:01.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35651"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0348
Vulnerability from fkie_nvd - Published: 2009-01-29 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "B9D7AA3C-6565-4291-A76F-3BE9311B77F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "8ED84EE5-2C53-4A8E-98B7-4F9181D4E192",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_windows:*:*:*:*:*",
"matchCriteriaId": "FB62C071-74F8-4642-938A-E529CBB2396B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "B0617E1B-FE70-442E-AEE6-BACC8515F005",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "95ADB790-EF2D-4613-9F69-F37401518511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "BF718ABC-42C7-4FE1-82A0-00F3506F1D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_windows:*:*:*:*:*",
"matchCriteriaId": "11EEDFB5-CDB0-4A7F-A14B-FFF37FBFB927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "D2BC5828-0EF1-4640-91BF-9CC1E5FC6243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "9E64CD07-4AF7-49C4-A3C0-EE2BF9E067A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "F590A1DC-7E1B-44CF-83D2-3FEDA91765C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_windows:*:*:*:*:*",
"matchCriteriaId": "56368A15-6067-4041-B949-50B856B93D1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3_2005q1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "9096D748-9527-4061-8106-526741831F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "D8C9CC43-EFB5-4192-81F2-0373961A7078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "28F24915-078C-4E4B-B173-671F0ABF9656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_windows:*:*:*:*:*",
"matchCriteriaId": "48131043-49E3-495E-8868-38D3ACC0D402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "AD06B92E-C23C-4648-A585-14FC54538FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "479657F1-8950-4C6C-9CD2-5FE3DF235E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "CAABA44E-5FD1-4B71-A4DE-9DC671DD8223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_windows:*:*:*:*:*",
"matchCriteriaId": "1C311222-6DD5-4C31-BCB9-4ED895281831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "4930E838-993A-4DA1-B504-4675EE20CF69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "6F238642-873A-4A50-BF14-6B173A20A36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "2A857F82-4146-48E9-8568-19393AC3856B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_windows:*:*:*:*:*",
"matchCriteriaId": "77DFF3D0-BBD2-4B06-9B4E-CA8FCA1BAC3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "2D28C8EF-7525-48A0-A13A-EA95479A3B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_linux:*:*:*:*:*",
"matchCriteriaId": "3DA96674-2050-4686-A592-F450655073E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*",
"matchCriteriaId": "B56B9BD3-2708-46C3-850D-865599F88BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_windows:*:*:*:*:*",
"matchCriteriaId": "22C1CF79-9D5D-4AF6-96C3-F029522D3DD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_x86:*:*:*:*:*",
"matchCriteriaId": "207157F9-0AE4-45FB-A3DC-90C1F6E5376E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_linux:*:*:*:*:*",
"matchCriteriaId": "5382933D-E32D-47F5-8892-65B94E06BD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*",
"matchCriteriaId": "B6391170-5831-4303-85E5-A51BB431E788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_windows:*:*:*:*:*",
"matchCriteriaId": "8FB6B9F1-EBE4-4820-98F3-E6F41A99B504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_x86:*:*:*:*:*",
"matchCriteriaId": "9E8B1333-125A-44F7-A6C3-4B04D3FC9A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_linux:*:*:*:*:*",
"matchCriteriaId": "644C3EA4-607C-42E7-805B-8F2EF6AF694E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*",
"matchCriteriaId": "745D8651-B97C-48A9-AE4F-603A34516919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_windows:*:*:*:*:*",
"matchCriteriaId": "BBC9D038-3428-440F-8BD7-06B103019BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_x86:*:*:*:*:*",
"matchCriteriaId": "92BC8B61-3F58-43B3-9756-616376D4D2DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
},
{
"lang": "es",
"value": "El m\u00f3dulo de ingreso en Sun Java System Access Manager v6 2005Q1 (antes conocido como v6.3), v7 2005Q4 (antes conocido como v7.0), y v7.1. responde de manera diferente dependiendo de si la cuenta existe o no, lo que permite a atacantes remotos averiguar nombres de usuario v\u00e1lidos."
}
],
"id": "CVE-2009-0348",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-29T19:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33688"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33489"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0169
Vulnerability from fkie_nvd - Published: 2009-01-16 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_access_manager | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "4CCDA95C-0EFF-4CF4-8CC6-EF110F0DAE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_sparc:*:*:*:*:*",
"matchCriteriaId": "F73D1848-D765-46B8-9B61-4A7A351CA6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_x86:*:*:*:*:*",
"matchCriteriaId": "51834E30-6780-433E-9146-C4B8DEFF7CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm."
},
{
"lang": "es",
"value": "Sun Java System Access Manager v7.1 permite a administradores autenticados sub-realm obtener privilegios, como se ha demostrado mediante la creaci\u00f3n de una cuenta amadmin en el sub-realm, y entonces entran como amadmin en la ra\u00edz realm."
}
],
"id": "CVE-2009-0169",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-16T21:30:03.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33266"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021604"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0170
Vulnerability from fkie_nvd - Published: 2009-01-16 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_access_manager | 6.3 | |
| sun | java_system_access_manager | 7.0_2005q4 | |
| sun | java_system_access_manager | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DEED4B-0AFF-49A2-9DDA-B4D74E3B29A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:*:*:*:*:*:*",
"matchCriteriaId": "26AB4CE2-6C95-4969-A989-F38C7129F22C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5B089E-62AC-44E5-9462-DC439C7AA8A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other \"access to resources,\" by visiting the Configuration Items component in the console."
},
{
"lang": "es",
"value": "Sun Java System Access Manager v6.3 2005Q1, v7 2005Q4, y v7.1 permite a atacantes remotos autenticar usuarios con privilegios de consola para descubrir contrase\u00f1as, y obtener otros \"accesos a recursos\" no especificados, visitando el componente Configuration Items en la consola."
}
],
"id": "CVE-2009-0170",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-01-16T21:30:03.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33265"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021605"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0156"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/33265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-2945
Vulnerability from fkie_nvd - Published: 2008-06-30 22:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_access_manager | 6.3 | |
| sun | java_system_access_manager | 7.0 | |
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_identity_server | 6.1 | |
| sun | java_system_identity_server | 6.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "31DEED4B-0AFF-49A2-9DDA-B4D74E3B29A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D88350FE-285D-4144-B7DC-5E1F8579CC56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5B089E-62AC-44E5-9462-DC439C7AA8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_server:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB8DC1D1-AF26-48BC-A773-5D7CAC70C7D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_server:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9770CADB-E22A-425C-A35B-AFC52CE53C88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
},
{
"lang": "es",
"value": "Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML."
}
],
"id": "CVE-2008-2945",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-30T22:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30893"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29988"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020380"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-2705
Vulnerability from fkie_nvd - Published: 2008-06-16 18:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_access_manager | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5B089E-62AC-44E5-9462-DC439C7AA8A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Sun Java System Access Manager (AM) 7.1, cuando se utiliza con determinadas versiones y configuraciones del Sun Directory Server Enterprise Edition (DSEE), permite a atacantes remotos evitar la autenticaci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-2705",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-16T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30652"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29676"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020273"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1806"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-1204
Vulnerability from fkie_nvd - Published: 2008-03-08 00:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_access_manager | 7.0 | |
| sun | java_system_access_manager | 7.0_2005q4 | |
| sun | java_system_access_manager | 7.0_2005q4 | |
| sun | java_system_access_manager | 7.0_2005q4 | |
| sun | java_system_access_manager | 7.0_2005q4 | |
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_access_manager | 7.1 | |
| sun | java_system_access_manager | 7.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "DB0E6D4B-724D-4724-82A7-F2C2A966FB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "2807FF5E-F638-4F08-B34C-4532C1BC9908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris_sparc:*:*:*:*:*",
"matchCriteriaId": "0320DBC3-7512-42EA-92C0-75D918BF27CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris_x86:*:*:*:*:*",
"matchCriteriaId": "7D31D3F6-0621-47FA-8F36-7A6ACF75F655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*",
"matchCriteriaId": "B7821A43-2549-4B75-A201-95A3AC58E8BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "589D3B3E-4F22-42B5-ADF1-C0537F85C4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "4CCDA95C-0EFF-4CF4-8CC6-EF110F0DAE76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_sparc:*:*:*:*:*",
"matchCriteriaId": "F73D1848-D765-46B8-9B61-4A7A351CA6A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_x86:*:*:*:*:*",
"matchCriteriaId": "51834E30-6780-433E-9146-C4B8DEFF7CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administraci\u00f3n en Sun Java System Access Manager 7.1 y 7 2005Q4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su eleccci\u00f3n a trav\u00e9s de vectores no especificados relacionados con las ventanas de (1) Ayuda y (2) Versi\u00f3n."
}
],
"id": "CVE-2008-1204",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-08T00:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29252"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28113"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0784"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-4444 (GCVE-0-2010-4444)
Vulnerability from cvelistv5 – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43
VLAI?
Summary
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45884",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45884"
},
{
"name": "70580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70580"
},
{
"name": "42986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42986"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "oracle-sso-java-unauth-access(64811)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"name": "ADV-2011-0153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"name": "70579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "45884",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45884"
},
{
"name": "70580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70580"
},
{
"name": "42986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42986"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "oracle-sso-java-unauth-access(64811)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"name": "ADV-2011-0153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"name": "70579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45884"
},
{
"name": "70580",
"refsource": "OSVDB",
"url": "http://osvdb.org/70580"
},
{
"name": "42986",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42986"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "oracle-sso-java-unauth-access(64811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"name": "ADV-2011-0153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"name": "70579",
"refsource": "OSVDB",
"url": "http://osvdb.org/70579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-4444",
"datePublished": "2011-01-19T16:00:00",
"dateReserved": "2010-12-06T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2712 (GCVE-0-2009-2712)
Vulnerability from cvelistv5 – Published: 2009-08-07 18:33 – Updated: 2024-08-07 05:59
VLAI?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/56815"
},
{
"name": "35963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35963"
},
{
"name": "36169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"name": "256668",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"name": "ADV-2009-2177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-12T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "56815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/56815"
},
{
"name": "35963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35963"
},
{
"name": "36169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"name": "256668",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"name": "ADV-2009-2177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56815",
"refsource": "OSVDB",
"url": "http://osvdb.org/56815"
},
{
"name": "35963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35963"
},
{
"name": "36169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36169"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"name": "256668",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"name": "ADV-2009-2177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2712",
"datePublished": "2009-08-07T18:33:00",
"dateReserved": "2009-08-07T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2713 (GCVE-0-2009-2713)
Vulnerability from cvelistv5 – Published: 2009-08-07 18:33 – Updated: 2024-08-07 05:59
VLAI?
Summary
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "36167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36167"
},
{
"name": "35961",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35961"
},
{
"name": "255968",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"name": "ADV-2009-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "36167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36167"
},
{
"name": "35961",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35961"
},
{
"name": "255968",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"name": "ADV-2009-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "36167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36167"
},
{
"name": "35961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35961"
},
{
"name": "255968",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"name": "ADV-2009-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2713",
"datePublished": "2009-08-07T18:33:00",
"dateReserved": "2009-08-07T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2268 (GCVE-0-2009-2268)
Vulnerability from cvelistv5 – Published: 2009-07-01 12:26 – Updated: 2024-08-07 05:44
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "35651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35651"
},
{
"name": "256568",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"name": "1020343",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "35651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35651"
},
{
"name": "256568",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"name": "1020343",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "35651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35651"
},
{
"name": "256568",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"name": "1020343",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2268",
"datePublished": "2009-07-01T12:26:00",
"dateReserved": "2009-07-01T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0348 (GCVE-0-2009-0348)
Vulnerability from cvelistv5 – Published: 2009-01-29 19:00 – Updated: 2024-08-07 04:31
VLAI?
Summary
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-jsam-username-info-disclosure(48283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
},
{
"name": "242026",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"name": "ADV-2009-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"name": "33489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33489"
},
{
"name": "33688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-jsam-username-info-disclosure(48283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
},
{
"name": "242026",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"name": "ADV-2009-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"name": "33489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33489"
},
{
"name": "33688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-jsam-username-info-disclosure(48283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
},
{
"name": "242026",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"name": "ADV-2009-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"name": "33489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33489"
},
{
"name": "33688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0348",
"datePublished": "2009-01-29T19:00:00",
"dateReserved": "2009-01-29T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0169 (GCVE-0-2009-0169)
Vulnerability from cvelistv5 – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:24
VLAI?
Summary
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021604"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "ADV-2009-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"name": "249106",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"name": "33266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33266"
},
{
"name": "sun-jsam-subrealm-privilege-escalation(47944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021604"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "ADV-2009-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"name": "249106",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"name": "33266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33266"
},
{
"name": "sun-jsam-subrealm-privilege-escalation(47944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021604"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "ADV-2009-0157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"name": "249106",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"name": "33266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33266"
},
{
"name": "sun-jsam-subrealm-privilege-escalation(47944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0169",
"datePublished": "2009-01-16T21:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0170 (GCVE-0-2009-0170)
Vulnerability from cvelistv5 – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:24
VLAI?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "33265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33265"
},
{
"name": "1021605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021605"
},
{
"name": "242166",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"name": "sun-jsam-password-info-disclosure(47942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
},
{
"name": "ADV-2009-0156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other \"access to resources,\" by visiting the Configuration Items component in the console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "33265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33265"
},
{
"name": "1021605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021605"
},
{
"name": "242166",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"name": "sun-jsam-password-info-disclosure(47942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
},
{
"name": "ADV-2009-0156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other \"access to resources,\" by visiting the Configuration Items component in the console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "33265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33265"
},
{
"name": "1021605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021605"
},
{
"name": "242166",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"name": "sun-jsam-password-info-disclosure(47942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
},
{
"name": "ADV-2009-0156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0170",
"datePublished": "2009-01-16T21:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2945 (GCVE-0-2008-2945)
Vulnerability from cvelistv5 – Published: 2008-06-30 22:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201538",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"name": "sun-jsam-xslt-code-execution(43429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"name": "1020380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020380"
},
{
"name": "29988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29988"
},
{
"name": "ADV-2008-1967",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"name": "30893",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201538",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"name": "sun-jsam-xslt-code-execution(43429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"name": "1020380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020380"
},
{
"name": "29988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29988"
},
{
"name": "ADV-2008-1967",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"name": "30893",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201538",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"name": "sun-jsam-xslt-code-execution(43429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"name": "1020380",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020380"
},
{
"name": "29988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29988"
},
{
"name": "ADV-2008-1967",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"name": "30893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2945",
"datePublished": "2008-06-30T22:00:00",
"dateReserved": "2008-06-30T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2705 (GCVE-0-2008-2705)
Vulnerability from cvelistv5 – Published: 2008-06-16 18:26 – Updated: 2024-08-07 09:14
VLAI?
Summary
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-jsam-unspecified-security-bypass(43004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
},
{
"name": "30652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30652"
},
{
"name": "238416",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"name": "29676",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29676"
},
{
"name": "1020273",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020273"
},
{
"name": "ADV-2008-1806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1806"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-jsam-unspecified-security-bypass(43004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
},
{
"name": "30652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30652"
},
{
"name": "238416",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"name": "29676",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29676"
},
{
"name": "1020273",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020273"
},
{
"name": "ADV-2008-1806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1806"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-jsam-unspecified-security-bypass(43004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
},
{
"name": "30652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30652"
},
{
"name": "238416",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"name": "29676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29676"
},
{
"name": "1020273",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020273"
},
{
"name": "ADV-2008-1806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1806"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2705",
"datePublished": "2008-06-16T18:26:00",
"dateReserved": "2008-06-16T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1204 (GCVE-0-2008-1204)
Vulnerability from cvelistv5 – Published: 2008-03-08 00:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28113"
},
{
"name": "sun-jsam-adminconsole-xss(41024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
},
{
"name": "29252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29252"
},
{
"name": "201251",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"name": "ADV-2008-0784",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28113"
},
{
"name": "sun-jsam-adminconsole-xss(41024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
},
{
"name": "29252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29252"
},
{
"name": "201251",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"name": "ADV-2008-0784",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28113"
},
{
"name": "sun-jsam-adminconsole-xss(41024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
},
{
"name": "29252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29252"
},
{
"name": "201251",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"name": "ADV-2008-0784",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1204",
"datePublished": "2008-03-08T00:00:00",
"dateReserved": "2008-03-07T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4444 (GCVE-0-2010-4444)
Vulnerability from nvd – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43
VLAI?
Summary
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45884",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45884"
},
{
"name": "70580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70580"
},
{
"name": "42986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42986"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "oracle-sso-java-unauth-access(64811)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"name": "ADV-2011-0153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"name": "70579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70579"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "45884",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45884"
},
{
"name": "70580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70580"
},
{
"name": "42986",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42986"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "oracle-sso-java-unauth-access(64811)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"name": "ADV-2011-0153",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"name": "70579",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70579"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45884"
},
{
"name": "70580",
"refsource": "OSVDB",
"url": "http://osvdb.org/70580"
},
{
"name": "42986",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42986"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "oracle-sso-java-unauth-access(64811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64811"
},
{
"name": "ADV-2011-0153",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0153"
},
{
"name": "70579",
"refsource": "OSVDB",
"url": "http://osvdb.org/70579"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-4444",
"datePublished": "2011-01-19T16:00:00",
"dateReserved": "2010-12-06T00:00:00",
"dateUpdated": "2024-08-07T03:43:14.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2712 (GCVE-0-2009-2712)
Vulnerability from nvd – Published: 2009-08-07 18:33 – Updated: 2024-08-07 05:59
VLAI?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/56815"
},
{
"name": "35963",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35963"
},
{
"name": "36169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"name": "256668",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"name": "ADV-2009-2177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-12T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "56815",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/56815"
},
{
"name": "35963",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35963"
},
{
"name": "36169",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"name": "256668",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"name": "ADV-2009-2177",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56815",
"refsource": "OSVDB",
"url": "http://osvdb.org/56815"
},
{
"name": "35963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35963"
},
{
"name": "36169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36169"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1"
},
{
"name": "256668",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1"
},
{
"name": "ADV-2009-2177",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2712",
"datePublished": "2009-08-07T18:33:00",
"dateReserved": "2009-08-07T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2713 (GCVE-0-2009-2713)
Vulnerability from nvd – Published: 2009-08-07 18:33 – Updated: 2024-08-07 05:59
VLAI?
Summary
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "36167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36167"
},
{
"name": "35961",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35961"
},
{
"name": "255968",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"name": "ADV-2009-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "36167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36167"
},
{
"name": "35961",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35961"
},
{
"name": "255968",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"name": "ADV-2009-2176",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that \"policy advice\" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "36167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36167"
},
{
"name": "35961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35961"
},
{
"name": "255968",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1"
},
{
"name": "ADV-2009-2176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2713",
"datePublished": "2009-08-07T18:33:00",
"dateReserved": "2009-08-07T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2268 (GCVE-0-2009-2268)
Vulnerability from nvd – Published: 2009-07-01 12:26 – Updated: 2024-08-07 05:44
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "35651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35651"
},
{
"name": "256568",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"name": "1020343",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "35651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35651"
},
{
"name": "256568",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"name": "1020343",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"
},
{
"name": "35651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35651"
},
{
"name": "256568",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1"
},
{
"name": "1020343",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2268",
"datePublished": "2009-07-01T12:26:00",
"dateReserved": "2009-07-01T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0348 (GCVE-0-2009-0348)
Vulnerability from nvd – Published: 2009-01-29 19:00 – Updated: 2024-08-07 04:31
VLAI?
Summary
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-jsam-username-info-disclosure(48283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
},
{
"name": "242026",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"name": "ADV-2009-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"name": "33489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33489"
},
{
"name": "33688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33688"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-jsam-username-info-disclosure(48283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
},
{
"name": "242026",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"name": "ADV-2009-0269",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"name": "33489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33489"
},
{
"name": "33688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33688"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-jsam-username-info-disclosure(48283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48283"
},
{
"name": "242026",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1"
},
{
"name": "ADV-2009-0269",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0269"
},
{
"name": "33489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33489"
},
{
"name": "33688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33688"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0348",
"datePublished": "2009-01-29T19:00:00",
"dateReserved": "2009-01-29T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0169 (GCVE-0-2009-0169)
Vulnerability from nvd – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:24
VLAI?
Summary
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:17.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021604"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "ADV-2009-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"name": "249106",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"name": "33266",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33266"
},
{
"name": "sun-jsam-subrealm-privilege-escalation(47944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021604",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021604"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "ADV-2009-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"name": "249106",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"name": "33266",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33266"
},
{
"name": "sun-jsam-subrealm-privilege-escalation(47944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021604"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "ADV-2009-0157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0157"
},
{
"name": "249106",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1"
},
{
"name": "33266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33266"
},
{
"name": "sun-jsam-subrealm-privilege-escalation(47944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0169",
"datePublished": "2009-01-16T21:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:17.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0170 (GCVE-0-2009-0170)
Vulnerability from nvd – Published: 2009-01-16 21:00 – Updated: 2024-08-07 04:24
VLAI?
Summary
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:24:18.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "33265",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33265"
},
{
"name": "1021605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021605"
},
{
"name": "242166",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"name": "sun-jsam-password-info-disclosure(47942)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
},
{
"name": "ADV-2009-0156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other \"access to resources,\" by visiting the Configuration Items component in the console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "33265",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33265"
},
{
"name": "1021605",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021605"
},
{
"name": "242166",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"name": "sun-jsam-password-info-disclosure(47942)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
},
{
"name": "ADV-2009-0156",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other \"access to resources,\" by visiting the Configuration Items component in the console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1"
},
{
"name": "33265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33265"
},
{
"name": "1021605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021605"
},
{
"name": "242166",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1"
},
{
"name": "sun-jsam-password-info-disclosure(47942)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47942"
},
{
"name": "ADV-2009-0156",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0170",
"datePublished": "2009-01-16T21:00:00",
"dateReserved": "2009-01-16T00:00:00",
"dateUpdated": "2024-08-07T04:24:18.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2945 (GCVE-0-2008-2945)
Vulnerability from nvd – Published: 2008-06-30 22:00 – Updated: 2024-08-07 09:21
VLAI?
Summary
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:21:34.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "201538",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"name": "sun-jsam-xslt-code-execution(43429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"name": "1020380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020380"
},
{
"name": "29988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29988"
},
{
"name": "ADV-2008-1967",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"name": "30893",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "201538",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"name": "sun-jsam-xslt-code-execution(43429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"name": "1020380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020380"
},
{
"name": "29988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29988"
},
{
"name": "ADV-2008-1967",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"name": "30893",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201538",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
},
{
"name": "sun-jsam-xslt-code-execution(43429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
},
{
"name": "1020380",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020380"
},
{
"name": "29988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29988"
},
{
"name": "ADV-2008-1967",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1967/references"
},
{
"name": "30893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2945",
"datePublished": "2008-06-30T22:00:00",
"dateReserved": "2008-06-30T00:00:00",
"dateUpdated": "2024-08-07T09:21:34.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2705 (GCVE-0-2008-2705)
Vulnerability from nvd – Published: 2008-06-16 18:26 – Updated: 2024-08-07 09:14
VLAI?
Summary
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sun-jsam-unspecified-security-bypass(43004)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
},
{
"name": "30652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30652"
},
{
"name": "238416",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"name": "29676",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29676"
},
{
"name": "1020273",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020273"
},
{
"name": "ADV-2008-1806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1806"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sun-jsam-unspecified-security-bypass(43004)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
},
{
"name": "30652",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30652"
},
{
"name": "238416",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"name": "29676",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29676"
},
{
"name": "1020273",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020273"
},
{
"name": "ADV-2008-1806",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1806"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-jsam-unspecified-security-bypass(43004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"
},
{
"name": "30652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30652"
},
{
"name": "238416",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"
},
{
"name": "29676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29676"
},
{
"name": "1020273",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020273"
},
{
"name": "ADV-2008-1806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1806"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2705",
"datePublished": "2008-06-16T18:26:00",
"dateReserved": "2008-06-16T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1204 (GCVE-0-2008-1204)
Vulnerability from nvd – Published: 2008-03-08 00:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28113",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28113"
},
{
"name": "sun-jsam-adminconsole-xss(41024)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
},
{
"name": "29252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29252"
},
{
"name": "201251",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"name": "ADV-2008-0784",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28113",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28113"
},
{
"name": "sun-jsam-adminconsole-xss(41024)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
},
{
"name": "29252",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29252"
},
{
"name": "201251",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"name": "ADV-2008-0784",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28113"
},
{
"name": "sun-jsam-adminconsole-xss(41024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41024"
},
{
"name": "29252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29252"
},
{
"name": "201251",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1"
},
{
"name": "ADV-2008-0784",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1204",
"datePublished": "2008-03-08T00:00:00",
"dateReserved": "2008-03-07T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}