Vulnerabilities > SUN > Java System Access Manager > 7.0.2005q4

DATE CVE VULNERABILITY TITLE RISK
2009-08-07 CVE-2009-2713 Information Disclosure vulnerability in SUN Java System Access Manager and Java System web Server
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
sun
4.3
2009-08-07 CVE-2009-2712 Permissions, Privileges, and Access Controls vulnerability in SUN products
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
local
low complexity
sun CWE-264
2.1
2009-07-01 CVE-2009-2268 Cross-Site Scripting vulnerability in SUN Java System Access Manager
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
sun CWE-79
2.6
2009-01-16 CVE-2009-0170 Permissions, Privileges, and Access Controls vulnerability in SUN Java System Access Manager 6.3/7.02005Q4/7.1
Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
network
sun CWE-264
6.0
2008-03-08 CVE-2008-1204 Cross-Site Scripting vulnerability in SUN Java System Access Manager 7.0/7.02005Q4/7.1
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
network
sun CWE-79
4.3