mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
192 lines
6.0 KiB
JSON
192 lines
6.0 KiB
JSON
{
|
|
"id": "CVE-2008-5115",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2008-11-18T00:30:00.360",
|
|
"lastModified": "2024-11-21T00:53:19.220",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Sun Java System Identity Manager en versiones 6.0 hasta 6.0 SP4 , versiones 7.0 y 7.1, permite a los atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que actualizan la contrase\u00f1a por medio del archivo idm/admin/changeself.jsp."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 6.8,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": true,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-352"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "13445915-DF3D-4C52-B1DC-9FC6BE0DD519"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D0C2964C-7435-4999-AF16-01CD9EF5782C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51CFF484-5A52-41DC-A003-A9319DF2AFB8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9A7E88DA-F3A8-4B0F-AD4F-8680C1FB3282"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "861DEDA3-93A1-405A-BA2F-764AE4219D89"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://osvdb.org/49766",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/32606",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/32262",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1021170",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/3128",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://osvdb.org/49766",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/32606",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/32262",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id?1021170",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2008/3128",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |