CVE-2008-1204

Name of the Vulnerable Software and Affected Versions Sun Java System Access Manager versions 7.1 and 7 2005Q4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Administration Console. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Help and Version windows.

Recommendations For Sun Java System Access Manager versions 7.1 and 7 2005Q4, consider disabling access to the Help and Version windows in the Administration Console as a temporary workaround until a patch is available. Restrict input validation for these windows to minimize the risk of exploitation.