Vulnerability Name: CVE-2008-0240 (CCN-39586)
Assigned: 2008-01-09
Published: 2008-01-09
Updated: 2018-10-15
Summary: /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA
  CVE-2008-0240
Source: CCN Type: SA28356
  Sun Java System Identity Manager Cross-Site Scripting Vulnerabilities
Source: SECUNIA Type: Vendor Advisory
  28356
Source: SREASON Type: UNKNOWN
  3535
Source: SUNALERT Type: UNKNOWN
  103180
Source: SUNALERT Type: UNKNOWN
  200558
Source: CCN Type: Sun Alert ID: 103180
  Multiple Security Vulnerabilities in the Sun Java System Identity Manager May Allow HTML Injection, Cross-Site Scripting Exploits or Unauthorized Redirection
Source: CCN Type: ASA-2008-030
  Multiple Security Vulnerabilities in the Sun Java System Identity Manager May Allow HTML Injection Cross-Site Scripting Exploits or Unauthorized Redirection (SUN 103180)
Source: CCN Type: OSVDB ID: 43279
  Sun Java System Identity Manager /idm/help/index.jsp helpUrl Variable Remote Frame Injection
Source: CCN Type: ProCheckUp: PR07-10
  Frame Injection on Sun Java System Identity Manager 6.0/7.x "helpUrl" parameter
Source: MISC Type: Exploit, Patch
  http://www.procheckup.com/Vulnerability_PR07-10.php
Source: BUGTRAQ Type: UNKNOWN
  20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager
Source: BID Type: UNKNOWN
  27214
Source: CCN Type: BID-27214
  Sun Java System Identity Manager Multiple Input Validation Vulnerabilities
Source: VUPEN Type: UNKNOWN
  ADV-2008-0089
Source: XF Type: UNKNOWN
  sun-identity-index-frame-injection(39586)
Vulnerable Configuration:
Configuration 1:
  cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
Configuration CCN 1:
  cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*
  OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*
  AND
  cpe:/o:redhat:linux:*:*:*:*:*:*:*:*
  OR cpe:/o:novell:suse_linux_enterprise_server:*:*:*:*:*:*:*:*
  OR cpe:/o:hp:openvms:*:*:*:*:*:*:*:*
sun java system identity manager 6.0 sp1
sun java system identity manager 6.0 sp2
sun java system identity manager 6.0 sp3
sun java system identity manager 7.0
sun java system identity manager 7.1
sun java system identity manager 7.0
sun java system identity manager 7.1
sun java system identity manager 6.0 sp1
sun java system identity manager 6.0 sp2
sun java system identity manager 6.0 sp3
redhat linux *
novell suse linux enterprise server *
hp openvms *