CVE-2008-1204

Published Mar 8, 2008

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0:*:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB0E6D4B-724D-4724-82A7-F2C2A966FB4E"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:hp-ux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2807FF5E-F638-4F08-B34C-4532C1BC9908"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris_sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0320DBC3-7512-42EA-92C0-75D918BF27CC"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris_x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D31D3F6-0621-47FA-8F36-7A6ACF75F655"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7821A43-2549-4B75-A201-95A3AC58E8BF"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:hp-ux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "589D3B3E-4F22-42B5-ADF1-C0537F85C4F8"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CCDA95C-0EFF-4CF4-8CC6-EF110F0DAE76"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F73D1848-D765-46B8-9B61-4A7A351CA6A0"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51834E30-6780-433E-9146-C4B8DEFF7CF4"
          },
          {
            "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36C5F1CB-FEDE-4C19-B056-C846C86FDE8E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References