Detections
Analytics

CVE-2008-5115

high

Description

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46553

http://www.vupen.com/english/advisories/2008/3128

http://www.securitytracker.com/id?1021170

http://www.securityfocus.com/bid/32262

http://www.securityfocus.com/archive/1/498479/100/0/threaded

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr07-11

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243386-1

http://secunia.com/advisories/32606

http://osvdb.org/49766

Details

Source: Mitre, NVD

Published: 2008-11-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.0068