6 results (0.004 seconds)

CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0

Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en Oracle Sun Java System Access Manager y Oracle OpenSSO v7, v7.1 y v8 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://osvdb.org/70579 http://osvdb.org/70580 http://secunia.com/advisories/42986 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45884 http://www.vupen.com/english/advisories/2011/0153 https://exchange.xforce.ibmcloud.com/vulnerabilities/64811 •

CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente CDCServlet en Sun Java System Access Manager v7.0 2005Q4 y v7.1, cuando Cross Domain Single Sign On (CDSSO) está habilitado, no garantiza que "policy advice" (aviso de políticas) se presenta al cliente correcto, lo cual permite a un atacante remoto obtener información sensible a través de vectores no especificados. • http://secunia.com/advisories/36167 http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-255968-1 http://www.securityfocus.com/bid/35961 http://www.vupen.com/english/advisories/2009/2176 •

CVSS: 2.1EPSS: 0%CPEs: 32EXPL: 0

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. Sun Java System Access Manager v6.3 2005Q1, v7.0 2005Q4, y v7.1; y OpenSSO Enterprise v8.0; cuando AMConfig.properties permite a la marca de depuración, permite a los usuarios locales descubrir contraseñas en texto claro mediante la lectura de archivos de depuración. • http://osvdb.org/56815 http://secunia.com/advisories/36169 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-16-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-256668-1 http://www.securityfocus.com/bid/35963 http://www.vupen.com/english/advisories/2009/2177 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.6EPSS: 0%CPEs: 26EXPL: 0

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Cross-Domain Controller (CDC) servlet en Sun Java System Access Manager v6 2005Q1, v7 2005Q4, y v7.1, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/35651 http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 36EXPL: 1

The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. El módulo de ingreso en Sun Java System Access Manager v6 2005Q1 (antes conocido como v6.3), v7 2005Q4 (antes conocido como v7.0), y v7.1. responde de manera diferente dependiendo de si la cuenta existe o no, lo que permite a atacantes remotos averiguar nombres de usuario válidos. • https://www.exploit-db.com/exploits/32762 http://secunia.com/advisories/33688 http://sunsolve.sun.com/search/document.do?assetkey=1-21-119465-15-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-242026-1 http://www.securityfocus.com/bid/33489 http://www.vupen.com/english/advisories/2009/0269 https://exchange.xforce.ibmcloud.com/vulnerabilities/48283 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •