January 13, 2008

Sun Identity Manager is affected by multiple security vulnerabilities with varying impacts

Three Cross-site Scripting (XSS) vulnerabilities may allow local or remote unprivileged users the ability to execute unauthorized scripting code in a user's browser when that user clicks a link to Sun Java System Identity Manager. In addition, a further vulnerability may allow a local or remote unprivileged user to inject unauthorized HTML code into a user's browser when that user clicks a link to Sun Java System Identity Manager. Two additional vulnerabilities may allow a local or remote unprivileged user to redirect the browser to unintended remote sites or to inject frames containing data from unintended sites.