CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0170
https://notcve.org/view.php?id=CVE-2009-0170
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. Sun Java System Access Manager v6.3 2005Q1, v7 2005Q4, y v7.1 permite a atacantes remotos autenticar usuarios con privilegios de consola para descubrir contraseñas, y obtener otros "accesos a recursos" no especificados, visitando el componente Configuration Items en la consola. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1 http://www.securityfocus.com/bid/33265 http://www.securitytracker.com/id?1021605 http://www.vupen.com/english/advisories/2009/0156 https://exchange.xforce.ibmcloud.com/vulnerabilities/47942 • CWE-255: Credentials Management Errors CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0169
https://notcve.org/view.php?id=CVE-2009-0169
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. Sun Java System Access Manager v7.1 permite a administradores autenticados sub-realm obtener privilegios, como se ha demostrado mediante la creación de una cuenta amadmin en el sub-realm, y entonces entran como amadmin en la raíz realm. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-249106-1 http://www.securityfocus.com/bid/33266 http://www.securitytracker.com/id?1021604 http://www.vupen.com/english/advisories/2009/0157 https://exchange.xforce.ibmcloud.com/vulnerabilities/47944 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4747
https://notcve.org/view.php?id=CVE-2008-4747
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. Vulnerabilidad no especificada en la característica de búsqueda de Sun Java System LDAP JDK anterior a v4.20; permite a atacantes dependientes del contexto obtener información sensible a través de vectores de ataque desconocidos relacionados con la biblioteca LDAP JDK. • http://secunia.com/advisories/32327 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1 http://www.securityfocus.com/bid/31905 http://www.securitytracker.com/id?1021103 http://www.vupen.com/english/advisories/2008/2916 https://exchange.xforce.ibmcloud.com/vulnerabilities/46074 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2008-2945
https://notcve.org/view.php?id=CVE-2008-2945
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML. • http://secunia.com/advisories/30893 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1 http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm http://www.securityfocus.com/bid/29988 http://www.securitytracker.com/id?1020380 http://www.vupen.com/english/advisories/2008/1967/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43429 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2008-2705
https://notcve.org/view.php?id=CVE-2008-2705
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. Vulnerabilidad no especificada en Sun Java System Access Manager (AM) 7.1, cuando se utiliza con determinadas versiones y configuraciones del Sun Directory Server Enterprise Edition (DSEE), permite a atacantes remotos evitar la autenticación a través de vectores no especificados. • http://secunia.com/advisories/30652 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1 http://www.securityfocus.com/bid/29676 http://www.securitytracker.com/id?1020273 http://www.vupen.com/english/advisories/2008/1806 https://exchange.xforce.ibmcloud.com/vulnerabilities/43004 • CWE-287: Improper Authentication •