{"api_version":"1","generated_at":"2026-04-24T18:54:41+00:00","cve":"CVE-2009-1084","urls":{"html":"https://cve.report/CVE-2009-1084","api":"https://cve.report/api/cve/CVE-2009-1084.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-1084","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-1084"},"summary":{"title":"CVE-2009-1084","description":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-03-25 15:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-264","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.4","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"#253267: Sun Java System Identity Manager Security Vulnerabilities","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/34191","name":"http://www.securityfocus.com/bid/34191","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Identity Manager Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Security","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"#140935-01: Identity Manager 7.0: Security patch","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2009/0797","name":"http://www.vupen.com/english/advisories/2009/0797","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1021881","name":"http://securitytracker.com/id?1021881","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Identity Manager Bugs Let Local and Remote Users Gain Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49607","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49607","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34380","name":"http://secunia.com/advisories/34380","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sun Java System Identity Manager Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-1084","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-1084","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"1084","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1084","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1084","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"7.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"1084","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_manager","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T04:57:17.829Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"jsim-sco-unspecified(49607)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49607"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/34380"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-03-23T00:00:00.000Z","descriptions":[{"lang":"en","value":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"253267","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"tags":["x_refsource_CONFIRM"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1"},{"name":"1021881","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1021881"},{"name":"34191","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34191"},{"tags":["x_refsource_CONFIRM"],"url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"jsim-sco-unspecified(49607)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49607"},{"tags":["x_refsource_CONFIRM"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"},{"name":"34380","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/34380"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-1084","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"253267","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1"},{"name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1","refsource":"CONFIRM","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-139010-06-1"},{"name":"1021881","refsource":"SECTRACK","url":"http://securitytracker.com/id?1021881"},{"name":"34191","refsource":"BID","url":"http://www.securityfocus.com/bid/34191"},{"name":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java","refsource":"CONFIRM","url":"http://blogs.sun.com/security/entry/sun_alert_253267_sun_java"},{"name":"ADV-2009-0797","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2009/0797"},{"name":"jsim-sco-unspecified(49607)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49607"},{"name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1","refsource":"CONFIRM","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-140935-01-1"},{"name":"34380","refsource":"SECUNIA","url":"http://secunia.com/advisories/34380"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-1084","datePublished":"2009-03-25T15:00:00.000Z","dateReserved":"2009-03-25T00:00:00.000Z","dateUpdated":"2024-08-07T04:57:17.829Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-03-25 15:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-264","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*","matchCriteriaId":"0980492E-B7DB-4B9F-A400-FDC47DB89A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"3A5C87C0-3734-4568-97A6-6AB8979AABE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E1E3B2F0-90E6-4868-915F-87131711EEE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*","matchCriteriaId":"90BC0B23-0CEE-489B-B89A-8776272EC8D2"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"1084","Ordinal":"1","Title":"CVE-2009-1084","CVE":"CVE-2009-1084","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"1084","Ordinal":"1","NoteData":"Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object.","Type":"Description","Title":"CVE-2009-1084"},{"CveYear":"2009","CveId":"1084","Ordinal":"2","NoteData":"2009-03-25","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"1084","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}