Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 up to and including 6.0 SP4, 7.0, and 7.1 allows remote malicious users to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.
Vulnerable Product |
---|
sun java system identity manager 6.0 |
sun java system identity manager 7.0 |
sun java system identity manager 7.1 |