Vulnerability CVE-2008-5423


Published: 2008-12-11   Modified: 2012-02-12

Description:
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:L/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
6.4/10
3.1/10
Exploit range
Attack complexity
Authentication
Local
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUN -> Ray server software 
SUN -> Ray windows connector 

 References:
http://securitytracker.com/id?1021379
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1
http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm
http://www.securityfocus.com/bid/32772
http://www.vupen.com/english/advisories/2008/3406
http://www.vupen.com/english/advisories/2008/3407
https://exchange.xforce.ibmcloud.com/vulnerabilities/47258

Copyright 2024, cxsecurity.com

 

Back to Top