CVSS: 6.8 • EPSS: 1% • CPEs: 7 • EXPL: 1

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

• https://www.exploit-db.com/exploits/32579
• http://osvdb.org/49766
• http://secunia.com/advisories/32606
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
• http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
• http://www.securityfocus.com/archive/1/498479/100/0/threaded
• http://www.securityfocus.com/bid/32262
• http://www.securitytracker.com/id?1021170
• http://www.vupen.com/english/advisories/2008/3128
• https://exchange.xforce.ibmcloud.com/vulnerabilities/
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://osvdb.org/49765
• http://secunia.com/advisories/32606
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
• http://www.securityfocus.com/bid/32262
• http://www.securitytracker.com/id?1021170
• http://www.vupen.com/english/advisories/2008/3128
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46552
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 1% • CPEs: 7 • EXPL: 1

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesystem of the IDM server via directory traversal sequences in the ext parameter.

• http://osvdb.org/49767
• http://secunia.com/advisories/32606
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
• http://www.procheckup.com/Vulnerability_PR08-09.php
• http://www.securityfocus.com/archive/1/498487/100/0/threaded
• http://www.securityfocus.com/bid/32262
• http://www.securitytracker.com/id?1021170
• http://www.vupen.com/english/advisories/2008/3128
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46554
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

• http://osvdb.org/49768
• http://secunia.com/advisories/32606
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
• http://www.securityfocus.com/bid/32262
• http://www.securitytracker.com/id?1021170
• http://www.vupen.com/english/advisories/2008/3128
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46556
• CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."

• http://osvdb.org/49769
• http://secunia.com/advisories/32606
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
• http://www.securityfocus.com/bid/32262
• http://www.securitytracker.com/id?1021170
• http://www.vupen.com/english/advisories/2008/3128
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46555