PT-2008-6261 · Sun · Sun Java System Identity Manager
Published
2008-11-18
·
Updated
2018-10-11
·
CVE-2008-5115
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Sun Java System Identity Manager versions 6.0 through 6.0 SP4
Sun Java System Identity Manager version 7.0
Sun Java System Identity Manager version 7.1
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that update the password via the "idm/admin/changeself.jsp" endpoint.
Recommendations
For Sun Java System Identity Manager versions 6.0 through 6.0 SP4, consider restricting access to the "idm/admin/changeself.jsp" endpoint until a fix is available.
For Sun Java System Identity Manager version 7.0, consider restricting access to the "idm/admin/changeself.jsp" endpoint until a fix is available.
For Sun Java System Identity Manager version 7.1, consider restricting access to the "idm/admin/changeself.jsp" endpoint until a fix is available.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sun Java System Identity Manager