CVE-2008-5115

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1	Patch Vendor Advisory
http://www.securityfocus.com/bid/32262
http://secunia.com/advisories/32606	Vendor Advisory
http://osvdb.org/49766
http://www.securitytracker.com/id?1021170
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
http://www.vupen.com/english/advisories/2008/3128
https://exchange.xforce.ibmcloud.com/vulnerabilities/46553
http://www.securityfocus.com/archive/1/498479/100/0/threaded

Configuration 1

cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:* cpe:2.3:a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*

---

Published : 2008-11-18 12:30

Updated : 2018-10-11 08:54

---

NVD link : CVE-2008-5115

Mitre link : CVE-2008-5115

No products.

CWE-352