Vulnerability CVE-2008-5114 - CERT Civis.Net

Vulnerability Name:

CVE-2008-5114 (CCN-46552)

Assigned:

2008-11-11

Published:

2008-11-11

Updated:

2017-08-08

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-5114

Source: OSVDB
Type: UNKNOWN
49765

Source: CCN
Type: SA32606
Sun Java System Identity Manager Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
32606

Source: CCN
Type: SECTRACK ID: 1021170
Sun Java System Identity Manager Bugs Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks and Disclose Files to Remote Users

Source: SUNALERT
Type: Patch, Vendor Advisory
243386

Source: CCN
Type: Sun Alert ID: 243386
Multiple Security Vulnerabilities in Sun Java System Identity Manager

Source: CCN
Type: ASA-2008-453
Multiple Security Vulnerabilities in Sun Java System Identity Manager (Sun 243386)

Source: CCN
Type: OSVDB ID: 49765
Sun Java System Identity Manager Unspecified XSS

Source: BID
Type: UNKNOWN
32262

Source: CCN
Type: BID-32262
Sun Java System Identity Manager Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1021170

Source: CCN
Type: Sun Web site
Sun Identity Manager

Source: VUPEN
Type: UNKNOWN
ADV-2008-3128

Source: XF
Type: UNKNOWN
sun-jsim-unspecified-xss(46552)

Source: XF
Type: UNKNOWN
sun-jsim-unspecified-xss(46552)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*

OR cpe:/a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*

Denotes that component is vulnerable