CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1077
https://notcve.org/view.php?id=CVE-2009-1077
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password. La implementación de Change My Password en el intefase de administración en Sun Java System Identity Manager (IdM) v7.0 hasta v8.0 no refuerza el valor de la propiedad RequiresChallenge, lo que permite a usuarios remotos autenticados cambiar la contraseña a otros usuarios, como se demostró cambiando la contraseña al administrador. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1 http://sunsolve.sun.com/search/document.do? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2009-1084
https://notcve.org/view.php?id=CVE-2009-1084
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. Sun Java System Identity Manager (IdM) v7.0 a la v8.0, no restringe adecuadamente el acceso al objeto System Configuration, lo que permite a administradores autenticados remotamente y posiblemente a atacantes remotos, provocar un impacto desconocido mediante la modificación de este objeto. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797 https://exchange.xforce.ibmcloud.com/vulnerabiliti • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1080
https://notcve.org/view.php?id=CVE-2009-1080
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. Vulnerabilidad múltiple de ejecución de secuencias de comandos en sitios cruzados - XSS - en Sun Java System Identity Manager (IdM) 7.0 hasta 8.0 que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados, también conocidos como Bug ID 19033. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2009-1076
https://notcve.org/view.php?id=CVE-2009-1076
Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. Sun Java System Identity Manager (IdM) v7.0 hasta v8.0 responde de forma diferente a la no utilización de usuario final de una cuestión basada en la característica de inicio de sesión dependiendo de si la cuenta de usuario existe, lo cual permite a atacantes remotos enumerar nombres de usuario válidos. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2009-1083
https://notcve.org/view.php?id=CVE-2009-1083
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters." Sun Java System Identity Manager (IdM) v7.0 through v8.0 sobre Linux, AIX, Solaris, y HP-UX, permite "el control de caracteres" en las contraseñas de las cuentas de usuario, lo que permite a atacantes remotos la ejecución de comandos de su elección a través de vectores que involucran a los "resource adapters". • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797 • CWE-94: Improper Control of Generation of Code ('Code Injection') •