Search criteria

6 vulnerabilities found for java_system_identity_server by sun

CVE-2010-0311 (GCVE-0-2010-0311)

Vulnerability from nvd – Published: 2010-01-14 19:00 – Updated: 2024-08-07 00:45
VLAI
Summary
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/bid/37755 vdb-entryx_refsource_BID
http://securitytracker.com/id?1023447 vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/38130 third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0108 vdb-entryx_refsource_VUPEN
http://osvdb.org/61658 vdb-entryx_refsource_OSVDB
Date Public
2010-01-11 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37755",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37755"
          },
          {
            "name": "1023447",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023447"
          },
          {
            "name": "jsim-unspecified-security-bypass(55572)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
          },
          {
            "name": "275010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
          },
          {
            "name": "38130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38130"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
          },
          {
            "name": "ADV-2010-0108",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0108"
          },
          {
            "name": "61658",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61658"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37755",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37755"
        },
        {
          "name": "1023447",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023447"
        },
        {
          "name": "jsim-unspecified-security-bypass(55572)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
        },
        {
          "name": "275010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
        },
        {
          "name": "38130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38130"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
        },
        {
          "name": "ADV-2010-0108",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0108"
        },
        {
          "name": "61658",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61658"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0311",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37755",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37755"
            },
            {
              "name": "1023447",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023447"
            },
            {
              "name": "jsim-unspecified-security-bypass(55572)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
            },
            {
              "name": "275010",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
            },
            {
              "name": "38130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38130"
            },
            {
              "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1",
              "refsource": "CONFIRM",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
            },
            {
              "name": "ADV-2010-0108",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0108"
            },
            {
              "name": "61658",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61658"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0311",
    "datePublished": "2010-01-14T19:00:00.000Z",
    "dateReserved": "2010-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:45:11.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-2945 (GCVE-0-2008-2945)

Vulnerability from nvd – Published: 2008-06-30 22:00 – Updated: 2024-08-07 09:21
VLAI
Summary
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
http://www.securitytracker.com/id?1020380 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/29988 vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2008/1967… vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/30893 third-party-advisoryx_refsource_SECUNIA
Date Public
2008-06-26 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "201538",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
          },
          {
            "name": "sun-jsam-xslt-code-execution(43429)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
          },
          {
            "name": "1020380",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020380"
          },
          {
            "name": "29988",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29988"
          },
          {
            "name": "ADV-2008-1967",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1967/references"
          },
          {
            "name": "30893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "201538",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
        },
        {
          "name": "sun-jsam-xslt-code-execution(43429)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
        },
        {
          "name": "1020380",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020380"
        },
        {
          "name": "29988",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29988"
        },
        {
          "name": "ADV-2008-1967",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1967/references"
        },
        {
          "name": "30893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "201538",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
            },
            {
              "name": "sun-jsam-xslt-code-execution(43429)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
            },
            {
              "name": "1020380",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020380"
            },
            {
              "name": "29988",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29988"
            },
            {
              "name": "ADV-2008-1967",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1967/references"
            },
            {
              "name": "30893",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2945",
    "datePublished": "2008-06-30T22:00:00.000Z",
    "dateReserved": "2008-06-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:21:34.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2010-0311

Vulnerability from fkie_nvd - Published: 2010-01-14 19:30 - Updated: 2026-04-23 00:35
Severity
Summary
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.
References
cve@mitre.orghttp://osvdb.org/61658
cve@mitre.orghttp://secunia.com/advisories/38130Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1023447
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1Patch
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/37755
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0108Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/55572
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/61658
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38130Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023447
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1Patch
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/37755
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0108Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/55572
Impacted products
Vendor Product Version
sun java_system_identity_server 8.1.0.5
sun java_system_identity_server 8.1.0.6
ibm tivoli_access_manager_for_e-business *
sun java_system_access_manager *
sun opensso_enterprise 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_identity_server:8.1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDA71AD-2BAE-42DC-A050-76B4932141B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_identity_server:8.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "28F834A5-E3BE-4A83-83C3-1EF5FB2F10D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1AACE9A-B450-433E-AF0D-06A82D728AD5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2402481-C481-4FB6-9415-2504B3B93F7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sun:opensso_enterprise:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D05F3A1-C5F3-43CA-9150-17FE55A89A30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Sun Java System Identity Manager (tambi\u00e9n conocido como IdM) v8.1.0.5 y v8.1.0.6, cuando se usa con Sun Java System Access Manager, OpenSSO Enterprise v8.0 o IBM Tivoli Access Manager, permite a atacantes remotos obtener acceso como administrador a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2010-0311",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-01-14T19:30:00.547",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/61658"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38130"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023447"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37755"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0108"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/61658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-2945

Vulnerability from fkie_nvd - Published: 2008-06-30 22:41 - Updated: 2026-04-23 00:35
Severity
Summary
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
References
cve@mitre.orghttp://secunia.com/advisories/30893
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2008-294.htm
cve@mitre.orghttp://www.securityfocus.com/bid/29988
cve@mitre.orghttp://www.securitytracker.com/id?1020380
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1967/references
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/43429
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30893
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/29988
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020380
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1967/references
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/43429
Impacted products
Vendor Product Version
sun java_system_access_manager 6.3
sun java_system_access_manager 7.0
sun java_system_access_manager 7.1
sun java_system_identity_server 6.1
sun java_system_identity_server 6.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31DEED4B-0AFF-49A2-9DDA-B4D74E3B29A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D88350FE-285D-4144-B7DC-5E1F8579CC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B5B089E-62AC-44E5-9462-DC439C7AA8A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_identity_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8DC1D1-AF26-48BC-A773-5D7CAC70C7D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sun:java_system_identity_server:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9770CADB-E22A-425C-A35B-AFC52CE53C88",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
    },
    {
      "lang": "es",
      "value": "Sun Java System Access Manager 6.3 hasta 7.1 y Sun Java System Identity Server 6.1 y 6.2 no procesa adecuadamente hojas de estilo XSLT en transformaciones XSLT de firmas XML."
    }
  ],
  "id": "CVE-2008-2945",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-06-30T22:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30893"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/29988"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020380"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1967/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1967/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-0311 (GCVE-0-2010-0311)

Vulnerability from cvelistv5 – Published: 2010-01-14 19:00 – Updated: 2024-08-07 00:45
VLAI
Summary
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.securityfocus.com/bid/37755 vdb-entryx_refsource_BID
http://securitytracker.com/id?1023447 vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/38130 third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/0108 vdb-entryx_refsource_VUPEN
http://osvdb.org/61658 vdb-entryx_refsource_OSVDB
Date Public
2010-01-11 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:11.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37755",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37755"
          },
          {
            "name": "1023447",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023447"
          },
          {
            "name": "jsim-unspecified-security-bypass(55572)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
          },
          {
            "name": "275010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
          },
          {
            "name": "38130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38130"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
          },
          {
            "name": "ADV-2010-0108",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0108"
          },
          {
            "name": "61658",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61658"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37755",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37755"
        },
        {
          "name": "1023447",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023447"
        },
        {
          "name": "jsim-unspecified-security-bypass(55572)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
        },
        {
          "name": "275010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
        },
        {
          "name": "38130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38130"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
        },
        {
          "name": "ADV-2010-0108",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0108"
        },
        {
          "name": "61658",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61658"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0311",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37755",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37755"
            },
            {
              "name": "1023447",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023447"
            },
            {
              "name": "jsim-unspecified-security-bypass(55572)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"
            },
            {
              "name": "275010",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"
            },
            {
              "name": "38130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38130"
            },
            {
              "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1",
              "refsource": "CONFIRM",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"
            },
            {
              "name": "ADV-2010-0108",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0108"
            },
            {
              "name": "61658",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61658"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0311",
    "datePublished": "2010-01-14T19:00:00.000Z",
    "dateReserved": "2010-01-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:45:11.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-2945 (GCVE-0-2008-2945)

Vulnerability from cvelistv5 – Published: 2008-06-30 22:00 – Updated: 2024-08-07 09:21
VLAI
Summary
Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
http://www.securitytracker.com/id?1020380 vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/29988 vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2008/1967… vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/30893 third-party-advisoryx_refsource_SECUNIA
Date Public
2008-06-26 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:21:34.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "201538",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
          },
          {
            "name": "sun-jsam-xslt-code-execution(43429)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
          },
          {
            "name": "1020380",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020380"
          },
          {
            "name": "29988",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29988"
          },
          {
            "name": "ADV-2008-1967",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1967/references"
          },
          {
            "name": "30893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "201538",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
        },
        {
          "name": "sun-jsam-xslt-code-execution(43429)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
        },
        {
          "name": "1020380",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020380"
        },
        {
          "name": "29988",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29988"
        },
        {
          "name": "ADV-2008-1967",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1967/references"
        },
        {
          "name": "30893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-2945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "201538",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-201538-1"
            },
            {
              "name": "sun-jsam-xslt-code-execution(43429)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43429"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-294.htm"
            },
            {
              "name": "1020380",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020380"
            },
            {
              "name": "29988",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29988"
            },
            {
              "name": "ADV-2008-1967",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1967/references"
            },
            {
              "name": "30893",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-2945",
    "datePublished": "2008-06-30T22:00:00.000Z",
    "dateReserved": "2008-06-30T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:21:34.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}