PT-2009-3662 · Sun · Sun Java System Identity Manager

Publicado

2009-03-25

Atualizado

2009-10-06

CVE-2009-1083

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sun Java System Identity Manager (IdM) versions 7.0 through 8.0

Description The issue allows remote attackers to execute arbitrary commands due to the presence of "control characters" in user account passwords. This is achieved through vectors involving "resource adapters."

Recommendations For versions 7.0 through 8.0, consider restricting the use of "resource adapters" until a fix is available, and ensure that passwords do not contain "control characters" to minimize the risk of exploitation.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2009-1083

Produtos afetados

Sun Java System Identity Manager

PT-2009-3662 · Sun · Sun Java System Identity Manager

CVE-2009-1083

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8