CVE-2009-1078

Sun Java System Identity Manager 7.0-8.0 Privilege Escalation via Audit Policy Deletion

Title source: llm

Description

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact.

References (7)

Core 7

Core References

Patch, Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1021881

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34191

Patch, Vendor Advisory x_refsource_confirm

http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0797

Patch x_refsource_confirm

http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34380

Scores

EPSS 0.0051

EPSS Percentile 66.5%

Details

CWE

CWE-264

Status published

Products (4)

sun/java_system_identity_manager 7.0

sun/java_system_identity_manager 7.1

sun/java_system_identity_manager 7.1.1

sun/java_system_identity_manager 8.0

Published Mar 25, 2009

Tracked Since Feb 18, 2026