Sun Security Blog
16 Jan 2008
Sun Alert 103180 Multiple Security Vulnerabilities in the Sun Java System Identity Manager May Allow HTML Injection, Cross-Site Scripting Exploits or Unauthorized Redirection
Product: Sun Java System Identity Manager 7.0, Sun Java System Identity Manager 6.0, Sun Java System Identity Manager 7.1
Sun Java System Identity Manager is affected by multiple security vulnerabilities with varying impacts. Four Cross-site Scripting (XSS) vulnerabilities may allow local or remote unprivileged users to execute unauthorized scripting code in a user's browser when that user clicks a link to Sun Java System Identity Manager. In addition, a further vulnerability may allow a local or remote unprivileged user to inject unauthorized HTML code into a user's browser when that user clicks a link to Sun Java System Identity Manager. Two additional vulnerabilities may allow a local or remote unprivileged user to redirect the browser to unintended remote sites or to inject frames containing data from unintended sites.
Sun would like to acknowledge, with thanks, Adrian Pastor and Jan Fry of ProCheckUp Ltd. for bringing 6 of these issues to our attention.
Avoidance: Patch
State: Resolved
First released: 09-Jan-2008
Comments [1]
Thank you so much for this update - we will begin exploring options!
Posted by PC on January 10, 2008 at 12:37 AM PST #