CVE-2008-5115

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

Published: Nov 18, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5115
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
sun / java_system_identity_manager	6.0-sp2	6.0-sp2.x
sun / java_system_identity_manager	7.0	7.0.x
sun / java_system_identity_manager	6.0-sp1	6.0-sp1.x
sun / java_system_identity_manager	7.1	7.1.x
sun / java_system_identity_manager	6.0-sp3	6.0-sp3.x
sun / java_system_identity_manager	6.0-sp4	6.0-sp4.x
sun / java_system_identity_manager	6.0	6.0.x

http://osvdb.org/49766
http://secunia.com/advisories/32606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11
http://www.securityfocus.com/archive/1/498479/100/0/threaded
http://www.securityfocus.com/bid/32262
http://www.securitytracker.com/id?1021170
http://www.vupen.com/english/advisories/2008/3128
https://exchange.xforce.ibmcloud.com/vulnerabilities/46553

Vulnerability Database

290,278

CVE-2008-5115