CVE-2009-0857

Name of the Vulnerable Software and Affected Versions Sun Management Center (SunMC) versions 3.6.1 through 4.0

Description A cross-site scripting (XSS) issue exists in the Performance Reporting Module (PRM) for SunMC, specifically in the /prm/reports endpoint, allowing remote attackers to inject arbitrary web script or HTML via the msg parameter. This can be leveraged for unauthorized access to the SunMC Web Console.

Recommendations For SunMC version 3.6.1, update to a version that addresses this issue. For SunMC version 4.0, update to a version that addresses this issue. As a temporary workaround, consider restricting access to the /prm/reports endpoint until a patch is available. Avoid using the msg parameter in the affected API endpoint until the issue is resolved.