Vulnerabilities > SUN > Java System Access Manager > 6.3

DATE CVE VULNERABILITY TITLE RISK
2009-01-16 CVE-2009-0170 Permissions, Privileges, and Access Controls vulnerability in SUN Java System Access Manager 6.3/7.02005Q4/7.1
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
network
sun CWE-264
6.0
2008-06-30 CVE-2008-2945 Improper Input Validation vulnerability in SUN products
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
network
low complexity
sun CWE-20
7.5
2007-01-31 CVE-2007-0628 Cross-Site Scripting vulnerability in Sun Java System Access Manager Undisclosed
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter.
network
sun
4.3