| Vulnerability Name: | CVE-2009-1080 (CCN-49614) | ||||||||
| Assigned: | 2009-03-19 | ||||||||
| Published: | 2009-03-19 | ||||||||
| Updated: | 2009-10-06 | ||||||||
| Summary: | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CONFIRM Type: Patch, Vendor Advisory http://blogs.sun.com/security/entry/sun_alert_253267_sun_java Source: MITRE Type: CNA CVE-2009-1080 Source: CCN Type: SA34380 Sun Java System Identity Manager Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 34380 Source: CCN Type: SECTRACK ID: 1021881 Sun Java System Identity Manager Bugs Let Local and Remote Users Gain Privileges Source: SECTRACK Type: UNKNOWN 1021881 Source: CCN Type: Sun Alert ID: 253267 Sun Java System Identity Manager Security Vulnerabilities Source: SUNALERT Type: Patch, Vendor Advisory 253267 Source: CCN Type: OSVDB ID: 53155 Sun Java System Identity Manager Multiple Unspecified XSS (19033) Source: BID Type: Exploit, Patch 34191 Source: CCN Type: BID-34191 Sun Java System Identity Manager Multiple Vulnerabilities Source: VUPEN Type: Vendor Advisory ADV-2009-0797 Source: XF Type: UNKNOWN jsim-unspecified-xss-var1(49614) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||