CVE-2009-1082

Name of the Vulnerable Software and Affected Versions Sun Java System Identity Manager (IdM) versions 7.0 through 8.0

Description The issue allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console. This can be demonstrated by gaining privileges for account creation and other administrative capabilities. The issue is related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

Recommendations For Sun Java System Identity Manager (IdM) versions 7.0 through 8.0, consider restricting access to the Admin Console to minimize the risk of exploitation. As a temporary workaround, consider disabling the saveNoValidate action until a patch is available. Restrict the use of saveNoValidateAllowedFormsAndWorkflows IDs to prevent unauthorized access to administrative capabilities.