Unrated severityNVD Advisory· Published Jan 11, 2008· Updated Apr 23, 2026

CVE-2008-0240

Description

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

Affected products

Sun Corporation/Java System Identity Manager5 versions
cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:sun:java_system_identity_manager:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.procheckup.com/Vulnerability_PR07-10.phpnvdExploitPatch
secunia.com/advisories/28356nvdVendor Advisory
securityreason.com/securityalert/3535nvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
www.securityfocus.com/archive/1/486076/100/0/threadednvd
www.securityfocus.com/bid/27214nvd
www.vupen.com/english/advisories/2008/0089nvd
exchange.xforce.ibmcloud.com/vulnerabilities/39586nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000