CVE-2008-5423

EPSS 0.08%
Published 11.12.2008 15:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Sun ≫ Ray Server Software Version3.0 Editionsparc

   Sun ≫ Solaris Version8 Editionsparc
   Sun ≫ Solaris Version9 Editionsparc
   Sun ≫ Solaris Version10 Editionsparc

Sun ≫ Ray Server Software Version3.1 Editionsparc

   Sun ≫ Solaris Version8 Editionsparc
   Sun ≫ Solaris Version9 Editionsparc
   Sun ≫ Solaris Version10 Editionsparc

Sun ≫ Ray Server Software Version4.0 Editionsparc

   Sun ≫ Solaris Version8 Editionsparc
   Sun ≫ Solaris Version9 Editionsparc
   Sun ≫ Solaris Version10 Editionsparc

Sun ≫ Ray Server Software Version3.1 Editionx86

Sun ≫ Solaris Version10 Editionx86

Sun ≫ Ray Server Software Version4.0 Editionx86

Sun ≫ Solaris Version10 Editionx86

Sun ≫ Ray Windows Connector Version1.1 Editionsparc

Sun ≫ Ray Windows Connector Version2.0 Editionsparc

Sun ≫ Ray Server Software Version3.1 Editionsparc

Sun ≫ Ray Server Software Version4.0 Editionsparc

Sun ≫ Ray Windows Connector Version1.1 Editionx86

Sun ≫ Ray Windows Connector Version2.0 Editionx86

Sun ≫ Ray Server Software Version3.1 Editionx86

Sun ≫ Ray Server Software Version4.0 Editionx86

Sun ≫ Ray Windows Connector Version1.1 Editionlinux

Sun ≫ Ray Windows Connector Version2.0 Editionlinux

Sun ≫ Ray Server Software Version3.1.1 Editionlinux

Sun ≫ Ray Server Software Version4.0 Editionlinux

Sun ≫ Ray Server Software Version3.1.1 Editionlinux

Novell ≫ Suse Linux Enterprise Server Version9
Redhat ≫ Enterprise Linux Version4 Editionadvanced_server

Sun ≫ Ray Server Software Version4.0 Editionlinux

Novell ≫ Suse Linux Enterprise Server Version9
Redhat ≫ Enterprise Linux Version4 Editionadvanced_server

Sun ≫ Ray Server Software Version3.0 Editionlinux

   Sun ≫ Java Desktop System Version2.0
   Novell ≫ Suse Linux Enterprise Server Version8
   Redhat ≫ Enterprise Linux Version3 Editionadvanced_server

Sun ≫ Ray Server Software Version3.1 Editionlinux

   Sun ≫ Java Desktop System Version2.0
   Novell ≫ Suse Linux Enterprise Server Version8
   Redhat ≫ Enterprise Linux Version3 Editionadvanced_server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.24

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/33108

http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1

Patch

http://www.vupen.com/english/advisories/2008/3406

http://secunia.com/advisories/33119

http://securitytracker.com/id?1021379

http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1

Patch

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1

Patch

http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm

http://www.securityfocus.com/bid/32772

http://www.vupen.com/english/advisories/2008/3407

https://exchange.xforce.ibmcloud.com/vulnerabilities/47258

https://nvd.nist.gov/vuln/detail/CVE-2008-5423

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5423

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5423

EUVD