CVE-2008-2945

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Access Manager SUN Java System Identity Server

Timeline

PublishedJun 30

Latest updateMay 1

Description

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDsun/java_system_access_manager6.3, 7.0, 7.1+2

▶NVDsun/java_system_identity_server6.1, 6.2+1

🔴Vulnerability Details

GHSA

GHSA-hqwp-wj7r-gf8j: Sun Java System Access Manager 6↗2022-05-01

▶

CVEList

CVE-2008-2945: Sun Java System Access Manager 6↗2008-06-30

▶