Command Injection Vulnerability in Sun Java System Identity Manager
CVE-2009-1083

Currently unrated

Key Information:

Vendor
Oracle
Status
Java System Identity Manager
Vendor
CVE Published:
25 March 2009

Summary

The Sun Java System Identity Manager versions 7.0 through 8.0 running on various operating systems including Linux, AIX, Solaris, and HP-UX are vulnerable to command injection. This vulnerability arises from the acceptance of control characters in user account passwords, enabling remote attackers to execute arbitrary commands through certain vectors, particularly when utilizing resource adapters.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...
vendor-advisoryx_refsource_SUNALERT
http://securitytracker.com/id?1021881
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/34191
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.