CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1078
https://notcve.org/view.php?id=CVE-2009-1078
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact. Sun Java System Identity Manager (IdM) v7.0 a la v8.0 no impone los requisitos de privilegios esperados para (1) la eliminación de las políticas de auditoría (2) la modificación de flujos de trabajo, lo que permite a usuarios autenticados remotamente tener un impacto sin especificar. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1079
https://notcve.org/view.php?id=CVE-2009-1079
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Identity Manager (IdM) v7.0 hasta v8.0 permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados, también conocido como Bug IDs 19659, 19660, y 19683. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1074
https://notcve.org/view.php?id=CVE-2009-1074
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs. Sun Java System Identity Manager (IdM) v7.0 y v8.0, no usa SSL en todas las circunstancias que cabría esperar, esto facilita a los atacantes remotos obtener información sensible rastreando la red. Está relacionado con "dispositivos de terminación ssl" y una carencia de soporte de URLs relativas. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2009-0877
https://notcve.org/view.php?id=CVE-2009-0877
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Sun Java System Communications Express que permite atacantes remotos inyectar una secuencia de comandos web o HTML a tra´ves del (1) Nombre completo o (2) campo asunto. • http://osvdb.org/52718 http://sosoblood.freehostia.com/SJSC/html_injection.gif http://www.securityfocus.com/archive/1/501672/100/0/threaded http://www.securityfocus.com/bid/34083 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6192
https://notcve.org/view.php?id=CVE-2008-6192
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Portlets no especificados en Sun Java System Portal Server 7.0 y 7.1 que permite a los atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/31538 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239308-1 http://www.securityfocus.com/bid/30738 http://www.securitytracker.com/id?1020706 http://www.vupen.com/english/advisories/2008/2404 https://exchange.xforce.ibmcloud.com/vulnerabilities/44531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •