Note: This is an archival copy of Security Sun Alert 275010 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021753.1.
Sun Identity Manager 8.1
Date of Resolved Release
A security vulnerability in the Sun Java System Identity Manager:
A security vulnerability in the Sun Java System Identity Manager may allow a local or remote unprivileged user to gain unauthorized access with all administrator privileges when Identity Manager is configured with Sun Java System Access Manager, OpenSSO Enterprise 8.0 or IBM Tivoli Access Manager.
2. Contributing Factors
This issue can occur in the following release for all Identity Manager supported platforms:
Version Sun Identity Manager 8.1 (20091021 Patch 5)Note: Only Sun Identity Manager 8.1 with patch 141642-06 or patch 141642-07 is affected by this vulnerability.
There are no predictable symptoms that would indicate the described issue has been exploited.
There is no workaround for this issue. Please see the Resolution section below.
This issue is addressed in the following release for all Identity Manager supported platforms:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment