admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2009/CVE-2009-10xx/CVE-2009-1077.json
cad-safe-bot 7201537f28 Auto-Update: 2024-11-22T09:12:11.646040+00:00
2024-11-22 09:15:19 +00:00

232 lines
6.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2009-1077",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-03-25T15:30:00.327",
"lastModified": "2024-11-21T01:01:36.927",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de Change My Password en el intefase de administraci\u00f3n en Sun Java System Identity Manager (IdM) v7.0 hasta v8.0 no refuerza el valor de la propiedad RequiresChallenge, lo que permite a usuarios remotos autenticados cambiar la contrase\u00f1a a otros usuarios, como se demostr\u00f3 cambiando la contrase\u00f1a al administrador."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1E3B2F0-90E6-4868-915F-87131711EEE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90BC0B23-0CEE-489B-B89A-8776272EC8D2"
}
]
}
]
}
],
"references": [
{
"url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/34380",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1021881",
"source": "cve@mitre.org"
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1",
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/34191",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/0797",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/34380",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://securitytracker.com/id?1021881",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/34191",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/0797",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink