Description
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
References (6)
Core 6
Core References
Patch, Vendor Advisory x_refsource_confirm
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33265
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1021605
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47942
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0156
Scores
EPSS
0.0080
EPSS Percentile
74.3%
Details
CWE
CWE-255
CWE-264
Status
published
Products (3)
sun/java_system_access_manager
6.3
sun/java_system_access_manager
7.0_2005q4
sun/java_system_access_manager
7.1
Published
Jan 16, 2009
Tracked Since
Feb 18, 2026