CVE-2009-1082
Published Mar 25, 2009
Last updated 16 years ago
Overview
- Description
- Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95"
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7"
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1E3B2F0-90E6-4868-915F-87131711EEE5"
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90BC0B23-0CEE-489B-B89A-8776272EC8D2"
}
],
"operator": "OR"
}
]
}
]