PT-2008-6261 · Sun · Sun Java System Identity Manager
Publicado
2008-11-18
·
Atualizado
2018-10-11
·
CVE-2008-5115
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Sun Java System Identity Manager versions 6.0 through 6.0 SP4
Sun Java System Identity Manager version 7.0
Sun Java System Identity Manager version 7.1
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that update the password via the "idm/admin/changeself.jsp" endpoint.
Recommendations
For Sun Java System Identity Manager versions 6.0 through 6.0 SP4, consider restricting access to the "idm/admin/changeself.jsp" endpoint until a fix is available.
For Sun Java System Identity Manager version 7.0, consider restricting access to the "idm/admin/changeself.jsp" endpoint until a fix is available.
For Sun Java System Identity Manager version 7.1, consider restricting access to the "idm/admin/changeself.jsp" endpoint until a fix is available.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sun Java System Identity Manager