{"api_version":"1","generated_at":"2026-04-23T06:43:17+00:00","cve":"CVE-2008-2705","urls":{"html":"https://cve.report/CVE-2008-2705","api":"https://cve.report/api/cve/CVE-2008-2705.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-2705","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-2705"},"summary":{"title":"CVE-2008-2705","description":"Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-06-16 18:41:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-287","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securitytracker.com/id?1020273","name":"http://www.securitytracker.com/id?1020273","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Access Manager Grants Administrator Access to Remote Users - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43004","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43004","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30652","name":"http://secunia.com/advisories/30652","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sun Java Access Manager Unspecified Security Bypass - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2008/1806","name":"http://www.vupen.com/english/advisories/2008/1806","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/29676","name":"http://www.securityfocus.com/bid/29676","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Access Manager Authentication Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-2705","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2705","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"2705","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_access_manager","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T09:14:14.218Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"sun-jsam-unspecified-security-bypass(43004)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"},{"name":"30652","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30652"},{"name":"238416","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"},{"name":"29676","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/29676"},{"name":"1020273","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1020273"},{"name":"ADV-2008-1806","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/1806"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-06-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"sun-jsam-unspecified-security-bypass(43004)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"},{"name":"30652","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30652"},{"name":"238416","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"},{"name":"29676","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/29676"},{"name":"1020273","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1020273"},{"name":"ADV-2008-1806","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/1806"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-2705","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"sun-jsam-unspecified-security-bypass(43004)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43004"},{"name":"30652","refsource":"SECUNIA","url":"http://secunia.com/advisories/30652"},{"name":"238416","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238416-1"},{"name":"29676","refsource":"BID","url":"http://www.securityfocus.com/bid/29676"},{"name":"1020273","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1020273"},{"name":"ADV-2008-1806","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/1806"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-2705","datePublished":"2008-06-16T18:26:00.000Z","dateReserved":"2008-06-16T00:00:00.000Z","dateUpdated":"2024-08-07T09:14:14.218Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-06-16 18:41:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-287","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5B089E-62AC-44E5-9462-DC439C7AA8A5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"2705","Ordinal":"1","Title":"CVE-2008-2705","CVE":"CVE-2008-2705","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"2705","Ordinal":"1","NoteData":"Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors.","Type":"Description","Title":"CVE-2008-2705"},{"CveYear":"2008","CveId":"2705","Ordinal":"2","NoteData":"2008-06-16","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"2705","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}