CVE-2009-1084
First published: Wed Mar 25 2009(Updated: )
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Java System Identity Manager | =7.1.1 | |
| Sun Java System Identity Manager | =7.0 | |
| Sun Java System Identity Manager | =7.1 | |
| Sun Java System Identity Manager | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1021881
- http://www.securityfocus.com/bid/34191
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1
- http://www.vupen.com/english/advisories/2009/0797
- http://blogs.sun.com/security/entry/sun_alert_253267_sun_java
- http://secunia.com/advisories/34380
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49607
Frequently Asked Questions
What is the severity of CVE-2009-1084?
CVE-2009-1084 has a medium severity rating due to the potential for unauthorized modification of system configuration.
Who is affected by CVE-2009-1084?
CVE-2009-1084 affects users of Sun Java System Identity Manager versions 7.0 through 8.0.
How do I fix CVE-2009-1084?
To fix CVE-2009-1084, upgrade to the latest version of Sun Java System Identity Manager that addresses this vulnerability.
What type of attack does CVE-2009-1084 enable?
CVE-2009-1084 could allow remote authenticated administrators to modify system configuration settings, which may lead to further attacks.
Is CVE-2009-1084 exploitable without authentication?
No, CVE-2009-1084 requires remote authenticated access to exploit the vulnerability.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/sun
- canonical/sun java system identity manager
- version/sun java system identity manager/7.1.1
- version/sun java system identity manager/7.0
- version/sun java system identity manager/7.1
- version/sun java system identity manager/8.0