CVE-2009-1084

high

Description

Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49607

http://www.vupen.com/english/advisories/2009/0797

http://www.securityfocus.com/bid/34191

http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1

http://securitytracker.com/id?1021881

http://secunia.com/advisories/34380

http://blogs.sun.com/security/entry/sun_alert_253267_sun_java

Details

Source: Mitre, NVD

Published: 2009-03-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00672