PT-2009-2853 · Sun · Sun Java System Access Manager

Published: 2009-01-16 · Updated: 2017-08-08 · CVE-2009-0169

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Sun Java System Access Manager version 7.1

Description

The issue allows remote authenticated sub-realm administrators to gain privileges. This can be demonstrated by creating the amadmin account in the sub-realm and then logging in as amadmin in the root realm.

Recommendations

For Sun Java System Access Manager version 7.1, consider restricting access to sub-realm administration functions to prevent unauthorized privilege escalation. As a temporary workaround, limit the creation of administrative accounts within sub-realms to minimize the risk of exploitation.


Related Identifiers

CVE-2009-0169

Affected Products

Sun Java System Access Manager