Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sun java system access manager 7.0 vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-35464
ForgeRock AM server prior to 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the serv...
Forgerock Am
Forgerock Openam
1 Metasploit module
1 Github repository
7.5
CVSSv2
CVE-2008-2945
Sun Java System Access Manager 6.3 up to and including 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent malicious users to execute arbitrary code via a crafted stylesh...
Sun Java System Access Manager 7.0
Sun Java System Access Manager 7.1
Sun Java System Identity Server 6.1
Sun Java System Identity Server 6.2
Sun Java System Access Manager 6.3
7.2
CVSSv2
CVE-2006-0531
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
Sun Java System Access Manager 7.0
6.4
CVSSv2
CVE-2009-1084
Sun Java System Identity Manager (IdM) 7.0 up to and including 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote malicious users to have an unspecified impact by modifying this object.
Sun Java System Identity Manager 7.0
Sun Java System Identity Manager 7.1
Sun Java System Identity Manager 7.1.1
Sun Java System Identity Manager 8.0
5.8
CVSSv2
CVE-2010-0894
Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote malicious users to affect confidentiality and integrity via unknown vectors.
Oracle Sun Products Suite 7.1
Oracle Sun Products Suite 7.0
Oracle Opensso Enterprise 8.0
5.8
CVSSv2
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0
Apache Http Server
Openssl Openssl
Gnu Gnutls
Mozilla Nss
Debian Debian Linux 5.0
Canonical Ubuntu Linux 10.10
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Debian Debian Linux 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 9.04
Debian Debian Linux 6.0
Fedoraproject Fedora 12
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Fedoraproject Fedora 14
F5 Nginx
2 EDB exploits
10 Github repositories
5
CVSSv2
CVE-2009-0348
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Sun Java System Access Manager 7 2005q4
Sun Java System Access Manager 7.1
Sun Java System Access Manager 6.3 2005q1
1 EDB exploit
4.3
CVSSv2
CVE-2009-2713
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote malicious users to obtain sensitive informati...
Sun Java System Access Manager 7 2005q4
Sun Java System Access Manager 7.1
Sun Java System Access Manager 6.3 2005q1
Sun Java System Access Manager 7.0 2005q4
Sun Java System Web Server 7.0
4.3
CVSSv2
CVE-2008-1204
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
Sun Java System Access Manager 7.0 2005q4
Sun Java System Access Manager 7.1
Sun Java System Access Manager 7.0
4.3
CVSSv2
CVE-2007-0628
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) prior to 20070129 allow remote malicious users to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of the...
Sun Java System Access Manager 7.0
Sun Java System Access Manager 6.2
Sun Java System Access Manager 6.3
Sun Java System Access Manager 6.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »