Privilege Escalation in Sun Java System Identity Manager by Authenticated Users
CVE-2009-1082

Currently unrated

Key Information:

Vendor

Oracle
Status
Java System Identity Manager
Vendor
CVE Published:
25 March 2009

What is CVE-2009-1082?

The Sun Java System Identity Manager versions 7.0 and 8.0 exhibit a vulnerability that allows remote authenticated users to gain elevated privileges. This can be exploited by submitting specially crafted commands to the Admin Console, compromising security by enabling unauthorized account creation and other administrative functions. The vulnerability is particularly associated with the saveNoValidate action and specific form workflows, posing significant risks to users and systems relying on this software.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...
x_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-...
vendor-advisoryx_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-21-...
x_refsource_CONFIRM

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2009-1082 : Privilege Escalation in Sun Java System Identity Manager by Authenticated Users