CVE-2009-1082

Sun Java System Identity Manager 7.0-8.0 - Authenticated Privilege Escalation via Admin Console Commands

Description

Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.

References (10)

Core References
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1021881
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34191
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0797
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34380

Scores

EPSS 0.0170
EPSS Percentile 82.5%

Details

CWE
CWE-20
Status published
Products (4)
sun/java_system_identity_manager 7.0
sun/java_system_identity_manager 7.1
sun/java_system_identity_manager 7.1.1
sun/java_system_identity_manager 8.0
Published Mar 25, 2009
Tracked Since Feb 18, 2026