Access Restriction Flaw in Sun Java System Identity Manager by Sun Microsystems
CVE-2009-1084

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Manager
Vendor: CVE Published:; 25 March 2009

Summary

The Sun Java System Identity Manager (IdM) versions 7.0 through 8.0 has a critical flaw in access control measures for the System Configuration object. This vulnerability permits remote authenticated administrators, and potentially unauthorized remote attackers, to modify this object. The impact of such modifications could lead to significant alterations in system settings or unauthorized access to sensitive information, thereby compromising the overall security of the identity management environment.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

http://securitytracker.com/id?1021881

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Mar 25, 2009
Vulnerability Reserved
Mar 25, 2009