Sun

Java System Identity Manager

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2009-1074

Exploit
  • EPSS 0.65%
  • Published 25.03.2009 15:30:00
  • Last modified 09.04.2025 00:30:58

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack o...

4.3

CVE-2008-5118

  • EPSS 0.72%
  • Published 18.11.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."

6.4

CVE-2008-5117

  • EPSS 1.26%
  • Published 18.11.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

7.8

CVE-2008-5116

Exploit
  • EPSS 0.72%
  • Published 18.11.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequenc...

6.8

CVE-2008-5115

  • EPSS 0.68%
  • Published 18.11.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changesel...

4.3

CVE-2008-5114

  • EPSS 0.5%
  • Published 18.11.2008 00:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3

CVE-2008-0239

Exploit
  • EPSS 6.36%
  • Published 11.01.2008 22:46:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) result...

5.8

CVE-2008-0241

Exploit
  • EPSS 1.95%
  • Published 11.01.2008 22:46:00
  • Last modified 09.04.2025 00:30:58

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter...

4.3

CVE-2008-0240

Exploit
  • EPSS 6.2%
  • Published 11.01.2008 22:46:00
  • Last modified 09.04.2025 00:30:58

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."