Sun

Java System Identity Manager

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2009-1074

Exploit
  • EPSS 0.65%
  • Veröffentlicht 25.03.2009 15:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack o...

4.3

CVE-2008-5118

  • EPSS 0.72%
  • Veröffentlicht 18.11.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."

6.4

CVE-2008-5117

  • EPSS 1.26%
  • Veröffentlicht 18.11.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

7.8

CVE-2008-5116

Exploit
  • EPSS 0.72%
  • Veröffentlicht 18.11.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequenc...

6.8

CVE-2008-5115

  • EPSS 0.68%
  • Veröffentlicht 18.11.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changesel...

4.3

CVE-2008-5114

  • EPSS 0.5%
  • Veröffentlicht 18.11.2008 00:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2008-0239

Exploit
  • EPSS 6.36%
  • Veröffentlicht 11.01.2008 22:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) result...

5.8

CVE-2008-0241

Exploit
  • EPSS 1.95%
  • Veröffentlicht 11.01.2008 22:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter...

4.3

CVE-2008-0240

Exploit
  • EPSS 6.2%
  • Veröffentlicht 11.01.2008 22:46:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."