CVE-2009-1082 Information
Description
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console as demonstrated by privileges for account creation and other administrative capabilities related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.
Reference
http://blogs.sun.com/security/entry/sun_alert_253267_sun_java http://secunia.com/advisories/34380 http://securitytracker.com/id?1021881 http://sunsolve.sun.com/search/document.do?assetkey=1-21-137621-11-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-140936-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1 http://www.securityfocus.com/bid/34191 http://www.vupen.com/english/advisories/2009/0797
Share on: