Sun Java System Identity Manager (IdM) 7.0 up to and including 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun java system identity manager 7.0 |
||
sun java system identity manager 7.1.1 |
||
sun java system identity manager 8.0 |
||
sun java system identity manager 7.1 |