CVSS: 9.8 • EPSS: 1% • CPEs: 4 • EXPL: 0

19 Jan 2011 — Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. • http://osvdb.org/70579

CVSS: 5.5 • EPSS: 0% • CPEs: 32 • EXPL: 0

07 Aug 2009 — Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. • http://osvdb.org/56815 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 31 • EXPL: 0

07 Aug 2009 — The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. • http://secunia.com/advisories/36167

CVSS: 6.1 • EPSS: 0% • CPEs: 26 • EXPL: 0

01 Jul 2009 — Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/35651 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 8% • CPEs: 36 • EXPL: 1

29 Jan 2009 — The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. • https://www.exploit-db.com/exploits/32762 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.0 • EPSS: 1% • CPEs: 4 • EXPL: 0

16 Jan 2009 — Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

16 Jan 2009 — Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1 • CWE-255: Credentials Management Errors • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

27 Oct 2008 — Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. • http://secunia.com/advisories/32327 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Jun 2008 — Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. • http://secunia.com/advisories/30893 • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jun 2008 — Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. • http://secunia.com/advisories/30652 • CWE-287: Improper Authentication