Sun Java System Access Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Sun Java System Access Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2008-2705 — CVSS 9.3 (critical): Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory…
CVE-2009-0169 — CVSS 9.0 (critical): Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the…
CVE-2008-2945 — CVSS 7.5 (high): Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in…
CVE-2007-5152 — CVSS 7.5 (high): Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication…
CVE-2006-0531 — CVSS 7.2 (high): Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain…
CVE-2007-5153 — CVSS 6.8 (medium): Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container…
CVE-2010-4444 — CVSS 6.8 (medium): Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect…
CVE-2009-0170 — CVSS 6.0 (medium): Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover…
CVE-2009-0348 — CVSS 5.0 (medium): The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login…
CVE-2007-0628 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before…
CVE-2008-1204 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow…
CVE-2009-2713 — CVSS 4.3 (medium): The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does…
CVE-2009-2268 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4…
CVE-2009-2712 — CVSS 2.1 (low): Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug…
CVE-2007-3700 — CVSS 1.7 (low): Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the…