vendor:
Java System Identity Manager
by:
SecurityFocus
9.3
CVSS
HIGH
Cross-Site Request Forgery, Cross-Site Scripting, HTML Injection, Directory Traversal
352, 79, 22, 22
CWE
Product Name: Java System Identity Manager
Affected Version From: Sun Java System Identity Manager 6.0
Affected Version To: Sun Java System Identity Manager 7.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:sun:java_system_identity_manager
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Sun Java System Identity Manager Multiple Web-Interface Vulnerabilities
Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a directory-traversal vulnerability. Successful exploits of many of these issues will allow an attacker to completely compromise the affected application. The example exploit code provided changes the administrative password to 'Password19'.
Mitigation:
Ensure that all system and software components are kept up to date with the latest security patches and updates.
