Sun

Java System Access Manager

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2010-4444

  • EPSS 1.2%
  • Veröffentlicht 19.01.2011 17:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

2.1

CVE-2009-2712

  • EPSS 0.06%
  • Veröffentlicht 07.08.2009 19:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.

4.3

CVE-2009-2713

  • EPSS 0.42%
  • Veröffentlicht 07.08.2009 19:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensi...

2.6

CVE-2009-2268

  • EPSS 0.25%
  • Veröffentlicht 01.07.2009 13:00:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5

CVE-2009-0348

  • EPSS 8.47%
  • Veröffentlicht 29.01.2009 19:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...

9

CVE-2009-0169

  • EPSS 1.44%
  • Veröffentlicht 16.01.2009 21:30:03
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.

6

CVE-2009-0170

  • EPSS 0.8%
  • Veröffentlicht 16.01.2009 21:30:03
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the con...

7.5

CVE-2008-2945

  • EPSS 0.9%
  • Veröffentlicht 30.06.2008 22:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a cra...

9.3

CVE-2008-2705

  • EPSS 0.35%
  • Veröffentlicht 16.06.2008 18:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.

4.3

CVE-2008-1204

  • EPSS 0.29%
  • Veröffentlicht 08.03.2008 00:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2)...