CVE-2008-0241 — Improper Input Validation in Java System Identity Manager

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

2.4%

top 15.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Identity Manager

Timeline

PublishedJan 11

Latest updateMay 1

Description

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDsun/java_system_identity_manager6.0, 7.0, 7.1+2

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: www.procheckup.com ↗

🔴Vulnerability Details

GHSA

GHSA-w9wm-7vhg-5j6v: Open redirect vulnerability in /idm/user/login↗2022-05-01

▶

CVEList

CVE-2008-0241: Open redirect vulnerability in /idm/user/login↗2008-01-11

▶