
CVSS: 9.8 | EPSS: 1% | CPEs: 5 | EXPL: 0

14 Jan 2010 — Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. • http://osvdb.org/61658 •

CVSS: 7.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

25 Mar 2009 — Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-310: Cryptographic Issues •

CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 1

25 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

25 Mar 2009 — Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-20: Improper Input Validation •

CVSS: 5.3 | EPSS: 1% | CPEs: 4 | EXPL: 0

25 Mar 2009 — Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

25 Mar 2009 — Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 1

25 Mar 2009 — Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 8.1 | EPSS: 1% | CPEs: 4 | EXPL: 1

25 Mar 2009 — The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 1

25 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683. • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

25 Mar 2009 — Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters." • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-94: Improper Control of Generation of Code ('Code Injection') •