- Description
- Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95"
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7"
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1E3B2F0-90E6-4868-915F-87131711EEE5"
},
{
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90BC0B23-0CEE-489B-B89A-8776272EC8D2"
}
],
"operator": "OR"
}
]
}
]