Описание
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- Patch
- Patch
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- ExploitPatch
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Patch
- Patch
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- ExploitPatch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01929
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.
EPSS
Процентиль: 83%
0.01929
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-264