HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2008-2945

CVSS 7.5v2.0pub. 2008-06-30upd. 2026-04-23

Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Sun Java System Access Manager

    APP
    Sun
    6.37.07.1
  • Sun Java System Identity Server

    APP
    Sun
    6.16.2
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2009-0169HIGH9.0ten sam produkt

Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as...

CVE-2008-2705HIGH9.3ten sam produkt

Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and conf...

CVE-2007-5152HIGH7.5ten sam produkt

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does...

CVE-2006-0531HIGH7.2ten sam produkt

Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypa...

CVE-2010-4444MEDIUM6.8ten sam produkt

Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows rem...

CVE-2008-2945 β€” Sun β€” Java System Access Manager β€” HIGH β€” CVSS 7.5 | CVEbaza.pl