Vulnerability CVE-2008-5422
Published: 2008-12-11   Modified: 2012-02-12

Description:
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUN -> Ray server software 

 References:
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1
http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm
http://www.securityfocus.com/bid/32769
http://www.securitytracker.com/id?1021383
http://www.vupen.com/english/advisories/2008/3406
https://exchange.xforce.ibmcloud.com/vulnerabilities/47253
Copyright 2024, cxsecurity.com

 

Back to Top