{"api_version":"1","generated_at":"2026-04-24T18:55:56+00:00","cve":"CVE-2009-1078","urls":{"html":"https://cve.report/CVE-2009-1078","api":"https://cve.report/api/cve/CVE-2009-1078.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-1078","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-1078"},"summary":{"title":"CVE-2009-1078","description":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-03-25 15:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4","severity":"","vector":"AV:N/AC:L/Au:S/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"#253267: Sun Java System Identity Manager Security Vulnerabilities","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/34191","name":"http://www.securityfocus.com/bid/34191","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"Sun Java System Identity Manager Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Security","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"#140935-01: Identity Manager 7.0: Security patch","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/0797","name":"http://www.vupen.com/english/advisories/2009/0797","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1021881","name":"http://securitytracker.com/id?1021881","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Identity Manager Bugs Let Local and Remote Users Gain Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34380","name":"http://secunia.com/advisories/34380","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sun Java System Identity Manager Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-1078","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-1078","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"1078","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1078","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1078","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1078","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:57:17.888Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34380"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-03-25T15:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"tags":["x_refsource_CONFIRM"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34380"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-1078","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"253267","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","refsource":"SECTRACK","url":"http://securitytracker.com/id?1021881"},{"name":"34191","refsource":"BID","url":"http://www.securityfocus.com/bid/34191"},{"name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"CONFIRM","url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1","refsource":"CONFIRM","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"},{"name":"34380","refsource":"SECUNIA","url":"http://secunia.com/advisories/34380"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-1078","datePublished":"2009-03-25T15:00:00.000Z","dateReserved":"2009-03-25T00:00:00.000Z","dateUpdated":"2024-09-16T19:35:51.665Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-03-25 15:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*","matchCriteriaId":"0980492E-B7DB-4B9F-A400-FDC47DB89A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"3A5C87C0-3734-4568-97A6-6AB8979AABE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E1E3B2F0-90E6-4868-915F-87131711EEE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*","matchCriteriaId":"90BC0B23-0CEE-489B-B89A-8776272EC8D2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"1078","Ordinal":"1","Title":"CVE-2009-1078","CVE":"CVE-2009-1078","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"1078","Ordinal":"1","NoteData":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, which allows remote authenticated users to have an unspecified impact.","Type":"Description","Title":"CVE-2009-1078"},{"CveYear":"2009","CveId":"1078","Ordinal":"2","NoteData":"2009-03-25","Type":"Other","Title":"Published"}]}}}