Sun Java System Identity Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Sun Java System Identity Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2009-1083 — CVSS 9.0 (critical): Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of…
CVE-2009-1082 — CVSS 9.0 (critical): Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands…
CVE-2008-5116 — CVSS 7.8 (high): Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1…
CVE-2008-5115 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote…
CVE-2009-1077 — CVSS 6.5 (medium): The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the…
CVE-2009-1084 — CVSS 6.4 (medium): Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows…
CVE-2008-5117 — CVSS 6.4 (medium): Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users…
CVE-2008-0241 — CVSS 5.8 (medium): Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote…
CVE-2009-1075 — CVSS 5.0 (medium): Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on…
CVE-2009-1074 — CVSS 5.0 (medium): Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use SSL in all expected circumstances, which makes it easier for remote…
CVE-2009-1076 — CVSS 5.0 (medium): Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the end-user question-based login feature…
CVE-2008-0240 — CVSS 4.3 (medium): /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from…
CVE-2008-0239 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote…
CVE-2009-1079 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to…
CVE-2009-1080 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to…
CVE-2009-1081 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to…
CVE-2008-5118 — CVSS 4.3 (medium): Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and…
CVE-2008-5114 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote…
CVE-2009-1078 — CVSS 4.0 (medium): Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies…