Lucene search

MitreCVELIST:CVE-2009-1082

HistoryMar 25, 2009 - 3:00 p.m.

CVE-2009-1082

2009-03-2515:00:00

mitre

www.cve.org

cve-2009-1082

remote authenticated users

gain privileges

admin console

crafted commands

account creation

administrative capabilities

savenovalidate action

savenovalidateallowedformsandworkflows ids

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

73.3%

JSON

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

References

blogs.sun.com/security/entry/sun_alert_253267_sun_java

secunia.com/advisories/34380

securitytracker.com/id?1021881

sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1

sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1

sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

www.securityfocus.com/bid/34191

www.vupen.com/english/advisories/2009/0797