CVE-2008-5115

EUVD-2008-5094
Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
sunjava_system_identity_manager
6.0
sunjava_system_identity_manager
6.0:sp1
sunjava_system_identity_manager
6.0:sp2
sunjava_system_identity_manager
6.0:sp3
sunjava_system_identity_manager
6.0:sp4
sunjava_system_identity_manager
7.0
sunjava_system_identity_manager
7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/49766
http://secunia.com/advisories/32606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
http://www.securityfocus.com/archive/1/498479/100/0/threaded
http://www.securityfocus.com/bid/32262
http://www.securitytracker.com/id?1021170
http://www.vupen.com/english/advisories/2008/3128
https://exchange.xforce.ibmcloud.com/vulnerabilities/46553
http://osvdb.org/49766
http://secunia.com/advisories/32606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
http://www.securityfocus.com/archive/1/498479/100/0/threaded
http://www.securityfocus.com/bid/32262
http://www.securitytracker.com/id?1021170
http://www.vupen.com/english/advisories/2008/3128
https://exchange.xforce.ibmcloud.com/vulnerabilities/46553