Sun Java System Identity Manager (IdM) 7.0 up to and including 8.0 does not use SSL in all expected circumstances, which makes it easier for remote malicious users to obtain sensitive information by sniffing the network, related to "ssl termination devices" and lack of support for relative URLs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java system identity manager 7.0 |
||
sun java system identity manager 7.1 |
||
sun java system identity manager 8.0 |
||
sun java system identity manager 7.1.1 |