CVE-2008-5115
SUN Java System Identity Manager - CSRF
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
Exploits (1)
exploitdb · WORKING POC · VERIFIED
by Richard Brain · html · webapps · jsp
https://www.exploit-db.com/exploits/32579
References (9)
Scores
EPSS: 0.0080
EPSS Percentile: 74.2%
Details
CWE: CWE-352
Status: published
Products (3)
sun/java_system_identity_manager 6.0 (5 CPE variants)
sun/java_system_identity_manager 7.0
sun/java_system_identity_manager 7.1
Published: Nov 18, 2008
Tracked Since: Feb 18, 2026