PT-2009-3657 · Sun · Sun Java System Identity Manager

Publicado

2009-03-25

Atualizado

2009-10-06

CVE-2009-1078

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Sun Java System Identity Manager (IdM) versions 7.0 through 8.0

Description The issue concerns the lack of proper privilege enforcement in Sun Java System Identity Manager (IdM) for certain actions, specifically deleting audit policies and modifying workflows. This allows remote authenticated users to potentially have an impact on the system.

Recommendations For versions 7.0 through 8.0, consider restricting access to the affected functionalities, such as deleting audit policies and modifying workflows, to authorized users only until a proper fix is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2009-1078

Produtos afetados

Sun Java System Identity Manager

PT-2009-3657 · Sun · Sun Java System Identity Manager

CVE-2009-1078

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8