Vulnerabilities > SUN > Java System Access Manager > 6.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-16 | CVE-2009-0170 | Permissions, Privileges, and Access Controls vulnerability in SUN Java System Access Manager 6.3/7.02005Q4/7.1 Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console. | 6.0 |
2008-06-30 | CVE-2008-2945 | Improper Input Validation vulnerability in SUN products Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. | 7.5 |
2007-01-31 | CVE-2007-0628 | Cross-Site Scripting vulnerability in Sun Java System Access Manager Undisclosed Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. network sun | 4.3 |