CVE-2008-5115

{"id": "CVE-2008-5115", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2008-11-18T00:30:00.360", "references": [{"url": "http://osvdb.org/49766", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32606", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32262", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021170", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3128", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/49766", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32606", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32262", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021170", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/3128", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Sun Java System Identity Manager en versiones 6.0 hasta 6.0 SP4 , versiones 7.0 y 7.1, permite a los atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que actualizan la contrase\u00f1a por medio del archivo idm/admin/changeself.jsp."}], "lastModified": "2024-11-21T00:53:19.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13445915-DF3D-4C52-B1DC-9FC6BE0DD519"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0C2964C-7435-4999-AF16-01CD9EF5782C"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51CFF484-5A52-41DC-A003-A9319DF2AFB8"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A7E88DA-F3A8-4B0F-AD4F-8680C1FB3282"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "861DEDA3-93A1-405A-BA2F-764AE4219D89"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95"}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}