Sun: >> Java System Access Manager >> 6.3_2005q1 Security Vulnerabilities
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
CVSS Score
2.1
EPSS Score
0.001
Published
2009-08-07
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-08-07
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVSS Score
5.0
EPSS Score
0.085
Published
2009-01-29