{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm"}, {"name": "33108", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33108"}, {"name": "32769", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32769"}, {"name": "rayserver-unspecified-security-bypass(47253)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47253"}, {"name": "ADV-2008-3406", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/3406"}, {"name": "1021383", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021383"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1"}, {"name": "240365", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5422", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm"}, {"name": "33108", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33108"}, {"name": "32769", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32769"}, {"name": "rayserver-unspecified-security-bypass(47253)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47253"}, {"name": "ADV-2008-3406", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/3406"}, {"name": "1021383", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021383"}, {"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1", "refsource": "CONFIRM", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1"}, {"name": "240365", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5422", "datePublished": "2008-12-11T15:00:00", "dateReserved": "2008-12-11T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:ray_server_software:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "7D0CE9C1-18FF-4E85-B570-1A9771616559", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:ray_server_software:3.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "42C7BEE0-2BB5-4945-A352-380E6B89115F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "CAE615D0-41D5-46DD-86D4-B226068C58A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*", "matchCriteriaId": "6DBDFD8C-371E-42D2-9635-D8CDD1775984", "vulnerable": false}, {"criteria": "cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*", "matchCriteriaId": "14CFA6D3-A611-4DF0-97AB-C30B79833DFA", "vulnerable": false}, {"criteria": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*", "matchCriteriaId": "7FBA68F0-4577-46F5-A754-D365B6EFF872", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:ray_server_software:3.1:*:x86:*:*:*:*:*", "matchCriteriaId": "6017DA4B-4B2C-4611-9DFC-25C4F429515C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*", "matchCriteriaId": "5B17D330-9E56-478F-A2C2-D4524B04CC5C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*", "matchCriteriaId": "E79CFAA6-A08A-4C70-A3D9-B02C29A17FF2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:ray_server_software:3.1.1:*:linux:*:*:*:*:*", "matchCriteriaId": "FD210ED7-C05B-45D2-BE3F-19ED9E8AB274", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*", "matchCriteriaId": "2621BD59-0ED4-402E-98EB-0F643078F4CB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "18BE709B-6EEB-489D-B982-6D0D978D1D20", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "0D89C3A6-C174-4D55-8DB8-343627516967", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sun:ray_server_software:3.0:*:linux:*:*:*:*:*", "matchCriteriaId": "1E517321-3661-4C8C-9404-E90933FD10D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sun:ray_server_software:3.1:*:linux:*:*:*:*:*", "matchCriteriaId": "11873A8B-1C1F-4AD8-86AE-B3AEB58F58CE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sun:java_desktop_system:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5537D6C-7700-4818-93F7-4449049DF131", "vulnerable": false}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:8:*:*:*:*:*:*:*", "matchCriteriaId": "03633A39-A07A-41B1-BF47-3DA3591F7896", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3:*:advanced_server:*:*:*:*:*", "matchCriteriaId": "80220C9F-4E73-448C-8E2E-F1AECAD56419", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors."}, {"lang": "es", "value": "Sun Sun Ray Server Software v3.1 a v4.0 no restringe el acceso apropiadamente, lo que permite a atacantes remotos descubrir la contrase\u00f1a de administraci\u00f3n de Sun Ray y obtener acceso admin a el Data Store y la Administration GUI, mediante vectores no especificados."}], "id": "CVE-2008-5422", "lastModified": "2018-10-30T16:25:58.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-11T15:30:00.457", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33108"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/32769"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021383"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/3406"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47253"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}