PT-2009-3662 · Sun · Sun Java System Identity Manager
Published
2009-03-25
·
Updated
2009-10-06
·
CVE-2009-1083
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Sun Java System Identity Manager (IdM) versions 7.0 through 8.0
Description
The issue allows remote attackers to execute arbitrary commands due to the presence of "control characters" in user account passwords. This is achieved through vectors involving "resource adapters."
Recommendations
For versions 7.0 through 8.0, consider restricting the use of "resource adapters" until a fix is available, and ensure that passwords do not contain "control characters" to minimize the risk of exploitation.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sun Java System Identity Manager