CVE-2010-0311
https://notcve.org/view.php?id=CVE-2010-0311
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en Sun Java System Identity Manager (también conocido como IdM) v8.1.0.5 y v8.1.0.6, cuando se usa con Sun Java System Access Manager, OpenSSO Enterprise v8.0 o IBM Tivoli Access Manager, permite a atacantes remotos obtener acceso como administrador a través de vectores desconocidos. • http://osvdb.org/61658 http://secunia.com/advisories/38130 http://securitytracker.com/id?1023447 http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1 http://www.securityfocus.com/bid/37755 http://www.vupen.com/english/advisories/2010/0108 https://exchange.xforce.ibmcloud.com/vulnerabilities/55572 •
CVE-2008-2945
https://notcve.org/view.php?id=CVE-2008-2945
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML. • http://secunia.com/advisories/30893 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm http://www.securityfocus.com/bid/29988 http://www.securitytracker.com/id?1020380 http://www.vupen.com/english/advisories/2008/1967/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 • CWE-20: Improper Input Validation •