{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "243386", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1"}, {"name": "32606", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32606"}, {"tags": ["x_refsource_MISC"], "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11"}, {"name": "32262", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32262"}, {"name": "ADV-2008-3128", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3128"}, {"name": "49766", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/49766"}, {"name": "20081119 PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded"}, {"name": "sun-jsim-unspecified-csrf(46553)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553"}, {"name": "1021170", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021170"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "243386", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1"}, {"name": "32606", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32606"}, {"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11", "refsource": "MISC", "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11"}, {"name": "32262", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32262"}, {"name": "ADV-2008-3128", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3128"}, {"name": "49766", "refsource": "OSVDB", "url": "http://osvdb.org/49766"}, {"name": "20081119 PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded"}, {"name": "sun-jsim-unspecified-csrf(46553)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553"}, {"name": "1021170", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021170"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5115", "datePublished": "2008-11-18T00:00:00", "dateReserved": "2008-11-17T00:00:00", "dateUpdated": "2018-10-11T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "13445915-DF3D-4C52-B1DC-9FC6BE0DD519", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "D0C2964C-7435-4999-AF16-01CD9EF5782C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "51CFF484-5A52-41DC-A003-A9319DF2AFB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "9A7E88DA-F3A8-4B0F-AD4F-8680C1FB3282", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:6.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "861DEDA3-93A1-405A-BA2F-764AE4219D89", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "0980492E-B7DB-4B9F-A400-FDC47DB89A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A5C87C0-3734-4568-97A6-6AB8979AABE7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site request forgery (CSRF) en Sun Java System Identity Manager en versiones 6.0 hasta 6.0 SP4 , versiones 7.0 y 7.1, permite a los atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que actualizan la contrase\u00f1a por medio del archivo idm/admin/changeself.jsp."}], "id": "CVE-2008-5115", "lastModified": "2018-10-11T20:54:06.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-11-18T00:30:00.360", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/49766"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/32606"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1"}, {"source": "cve@mitre.org", "url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498479/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32262"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021170"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3128"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46553"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}