Vulnerabilities > SUN > Java System Access Manager

DATE CVE VULNERABILITY TITLE RISK
2008-03-08 CVE-2008-1204 Cross-Site Scripting vulnerability in SUN Java System Access Manager 7.0/7.02005Q4/7.1
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows.
network
sun CWE-79
4.3
4.3
2007-10-01 CVE-2007-5153 Code Injection vulnerability in SUN products
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.
network
sun CWE-94
6.8
6.8
2007-10-01 CVE-2007-5152 Improper Authentication vulnerability in SUN products
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks.
network
low complexity
sun CWE-287
7.5
7.5
2007-07-11 CVE-2007-3700 Unspecified vulnerability in SUN Java System Access Manager
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
local
low complexity
sun
1.7
1.7
2007-01-31 CVE-2007-0628 Cross-Site Scripting vulnerability in Sun Java System Access Manager Undisclosed
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter.
network
sun
4.3
4.3
2006-02-04 CVE-2006-0531 Local Authentication Bypass vulnerability in SUN Java System Access Manager 7.0
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
local
low complexity
sun
7.2
7.2