Local Session Access Vulnerability in Sun Ray Server Software
CVE-2009-2489

Currently unrated

Key Information:

Vendor: Oracle
Status: Ray Server Software
Vendor: CVE Published:; 16 July 2009

Summary

The Sun Ray Server Software (SRSS) 4.0 contains an unspecified vulnerability within the utdmsession program that allows local users to access sessions belonging to arbitrary users. This vulnerability can be exploited through unknown vectors, potentially compromising user privacy and security. Organizations using this software should take immediate action to assess risk and apply necessary mitigations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/51743

vdb-entryx_refsource_XF

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 16, 2009
Vulnerability Reserved
Jul 16, 2009