Directory Traversal Vulnerability in Sun Java System Identity Manager
CVE-2008-5116

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Manager
Vendor: CVE Published:; 18 November 2008

Summary

A directory traversal vulnerability exists in the helpServer.jsp file of Sun Java System Identity Manager versions 6.0 through 6.0 SP4, and 7.0 to 7.1. This flaw allows remote attackers to exploit the 'ext' parameter by using directory traversal sequences, potentially leading to unauthorized access to arbitrary files within the filesystem of the IDM server. Such exploitation can expose sensitive information and compromise the integrity of the system.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/32606

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/46554

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Nov 18, 2008
Vulnerability Reserved
Nov 17, 2008