Access Control Vulnerability in Sun Ray Server Software by Sun Microsystems
CVE-2008-5422

Currently unrated

Key Information:

Vendor: Oracle
Status: Ray Server Software
Vendor: CVE Published:; 11 December 2008

Summary

The Sun Ray Server Software versions 3.1 through 4.0 has a vulnerability that fails to adequately restrict access control. This flaw potentially allows remote attackers to exploit unspecified vectors to discover the administrator password. Once compromised, attackers can gain unauthorized access to the Data Store and the Administration GUI, leading to serious security breaches. Administrators are advised to implement additional security measures to protect sensitive credentials and access points.

References

http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm

x_refsource_CONFIRM

http://secunia.com/advisories/33108

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/32769

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Dec 11, 2008
Vulnerability Reserved
Dec 11, 2008