{"api_version":"1","generated_at":"2026-04-24T18:55:32+00:00","cve":"CVE-2009-1080","urls":{"html":"https://cve.report/CVE-2009-1080","api":"https://cve.report/api/cve/CVE-2009-1080.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-1080","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-1080"},"summary":{"title":"CVE-2009-1080","description":"Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-03-25 15:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"#253267: Sun Java System Identity Manager Security Vulnerabilities","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/34191","name":"http://www.securityfocus.com/bid/34191","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"Sun Java System Identity Manager Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Security","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/0797","name":"http://www.vupen.com/english/advisories/2009/0797","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1021881","name":"http://securitytracker.com/id?1021881","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Identity Manager Bugs Let Local and Remote Users Gain Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34380","name":"http://secunia.com/advisories/34380","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sun Java System Identity Manager Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-1080","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-1080","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"1080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:57:17.694Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34380"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-03-25T15:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34380"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-1080","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"253267","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"1021881","refsource":"SECTRACK","url":"http://securitytracker.com/id?1021881"},{"name":"34191","refsource":"BID","url":"http://www.securityfocus.com/bid/34191"},{"name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"CONFIRM","url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"34380","refsource":"SECUNIA","url":"http://secunia.com/advisories/34380"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-1080","datePublished":"2009-03-25T15:00:00.000Z","dateReserved":"2009-03-25T00:00:00.000Z","dateUpdated":"2024-09-17T04:03:46.796Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-03-25 15:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*","matchCriteriaId":"0980492E-B7DB-4B9F-A400-FDC47DB89A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"3A5C87C0-3734-4568-97A6-6AB8979AABE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E1E3B2F0-90E6-4868-915F-87131711EEE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*","matchCriteriaId":"90BC0B23-0CEE-489B-B89A-8776272EC8D2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"1080","Ordinal":"1","Title":"CVE-2009-1080","CVE":"CVE-2009-1080","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"1080","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033.","Type":"Description","Title":"CVE-2009-1080"},{"CveYear":"2009","CveId":"1080","Ordinal":"2","NoteData":"2009-03-25","Type":"Other","Title":"Published"}]}}}