PT-2009-3657 · Sun · Sun Java System Identity Manager

Published

2009-03-25

Updated

2009-10-06

CVE-2009-1078

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Sun Java System Identity Manager (IdM) versions 7.0 through 8.0

Description The issue concerns the lack of proper privilege enforcement in Sun Java System Identity Manager (IdM) for certain actions, specifically deleting audit policies and modifying workflows. This allows remote authenticated users to potentially have an impact on the system.

Recommendations For versions 7.0 through 8.0, consider restricting access to the affected functionalities, such as deleting audit policies and modifying workflows, to authorized users only until a proper fix is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2009-1078

Affected Products

Sun Java System Identity Manager

PT-2009-3657 · Sun · Sun Java System Identity Manager

CVE-2009-1078

Weakness Enumeration

Related Identifiers

Affected Products

References · 8