Sun Java System Access Manager 7.1 < Patch 2 Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running a version of Sun Java System Access Manager 7.1 earlier than Patch 2. Such versions are potentially affected by multiple issues:

- A vulnerability may allow unauthorized access to resources by revealing passwords to remote users who have privileges to access the administration console. (1-66-242166-1)

- A sub-realm administrator may be able to escalate their privileges and access the root realm as an administrator. (1-66-249106-1)

- A username-enumeration weakness could allow an attacker to determine valid usernames. (1-66-242026-1)

Solution

Upgrade to Sun Java System Access Manager 7.1 Patch 2. This may require different patches depending on your installation type.