The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Identity Manager

computer vulnerability bulletin CVE-2010-3546

Sun Java System Identity Manager: altering data

Synthesis of the vulnerability

An attacker can use a vulnerability of Sun Java System Identity Manager, in order to obtain or alter information.
Impacted products: Sun Identity Manager.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 13/10/2010.
Identifiers: BID-43967, CVE-2010-3546, VIGILANCE-VUL-10038.

Description of the vulnerability

An attacker can use a vulnerability of Sun Java System Identity Manager, in order to obtain or alter information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2010-0311

Sun Identity Manager: privilege elevation

Synthesis of the vulnerability

A local or remote attacker can obtain administrator privileges via Sun Identity Manager.
Impacted products: Sun Identity Manager.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 13/01/2010.
Identifiers: 21838, 275010, BID-37755, CVE-2010-0311, VIGILANCE-VUL-9347.

Description of the vulnerability

The Sun Java System Identity Manager 8.1 product can be configured with:
 - Sun Java System Access Manager, or
 - OpenSSO Enterprise 8.0, or
 - IBM Tivoli Access Manager

In this configuration, and when patches 141642-06 or 141642-07 are installed, a local or remote attacker can obtain administrator privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.