Vulnerability Name: CVE-2008-0241 (CCN-39590)
Assigned: 2008-01-09
Published: 2008-01-09
Updated: 2018-10-15
Summary: Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low

CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
  4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): Partial

CVSS v2 Severity: 6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial

Vulnerability Type: CWE-20
Vulnerability Consequences: Bypass Security

References:
  Source: MITRE Type: CNA
    CVE-2008-0241
  Source: CCN Type: SA28356
    Sun Java System Identity Manager Cross-Site Scripting Vulnerabilities
  Source: SECUNIA Type: Vendor Advisory
    28356
  Source: SREASON Type: UNKNOWN
    3535
  Source: SUNALERT Type: Patch, Vendor Advisory
    103180
  Source: SUNALERT Type: Patch, Vendor Advisory
    200558
  Source: CCN Type: Sun Alert ID: 103180
    Multiple Security Vulnerabilities in the Sun Java System Identity Manager May Allow HTML Injection, Cross-Site Scripting Exploits or Unauthorized Redirection
  Source: CCN Type: ASA-2008-030
    Multiple Security Vulnerabilities in the Sun Java System Identity Manager May Allow HTML Injection Cross-Site Scripting Exploits or Unauthorized Redirection (SUN 103180)
  Source: CCN Type: OSVDB ID: 42024
    Sun Java System Identity Manager /idm/user/login.jsp nextPage Variable Arbitrary Site Redirect
  Source: CCN Type: ProCheckUp: PR07-12
    Cross-domain redirect on Sun Java System Identity Manager 6.0/7.x
  Source: MISC Type: Exploit, Patch
    http://www.procheckup.com/Vulnerability_PR07-12.php
  Source: BUGTRAQ Type: UNKNOWN
    20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager
  Source: BID Type: UNKNOWN
    27214
  Source: CCN Type: BID-27214
    Sun Java System Identity Manager Multiple Input Validation Vulnerabilities
  Source: VUPEN Type: Vendor Advisory
    ADV-2008-0089
  Source: XF Type: UNKNOWN
    sun-identity-login-security-bypass(39590)

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:* OR
    cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*
    AND
    cpe:/o:redhat:linux:*:*:*:*:*:*:*:* OR
    cpe:/o:novell:suse_linux_enterprise_server:*:*:*:*:*:*:*:* OR
    cpe:/o:hp:openvms:*:*:*:*:*:*:*:*

sun java system identity manager 6.0 sp1
sun java system identity manager 6.0 sp2
sun java system identity manager 6.0 sp3
sun java system identity manager 7.0
sun java system identity manager 7.1
redhat linux *
novell suse linux enterprise server *
hp openvms *