CVE-2009-1078 Information

Description

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows which allows remote authenticated users to have an unspecified impact.

Reference

http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797