Unrated severity · NVD Advisory · Published Mar 25, 2009 · Updated Jun 16, 2026

CVE-2009-1077

Description

The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password.

Affected products

  • cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*
  • (no CPE) range: >=7.0, <=8.0
