PT-2009-2853 · Sun · Sun Java System Access Manager

Published: 2009-01-16 · Updated: 2017-08-08 · CVE-2009-0169

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sun Java System Access Manager version 7.1

Description

The issue allows remote authenticated sub-realm administrators to gain privileges. This can be demonstrated by creating the amadmin account in the sub-realm and then logging in as amadmin in the root realm.

Recommendations

For Sun Java System Access Manager version 7.1, consider restricting access to sub-realm administration functions to prevent unauthorized privilege escalation. As a temporary workaround, limit the creation of administrative accounts within sub-realms to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

CVE-2009-0169

Affected Products

Sun Java System Access Manager