CVE-2008-5423

high

Description

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47258

http://www.vupen.com/english/advisories/2008/3407

http://www.vupen.com/english/advisories/2008/3406

http://www.securityfocus.com/bid/32772

http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1

http://securitytracker.com/id?1021379

http://secunia.com/advisories/33119

http://secunia.com/advisories/33108

Details

Source: Mitre, NVD

Published: 2008-12-11

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High