Privilege Escalation in Sun Java System Access Manager 7.1
CVE-2009-0169

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Access Manager
Vendor: CVE Published:; 16 January 2009

Summary

The Sun Java System Access Manager 7.1 has a vulnerability that permits remote authenticated sub-realm administrators to elevate their privileges. This occurs through the creation of an 'amadmin' account within a sub-realm. Once established, these administrators can exploit their elevated status to log in as 'amadmin' in the root realm, thereby gaining unauthorized access and control over sensitive system functions.

References

http://www.securitytracker.com/id?1021604

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/0157

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Jan 16, 2009
Vulnerability Reserved
Jan 16, 2009