{"api_version":"1","generated_at":"2026-04-23T06:43:38+00:00","cve":"CVE-2010-0311","urls":{"html":"https://cve.report/CVE-2010-0311","api":"https://cve.report/api/cve/CVE-2010-0311.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2010-0311","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2010-0311"},"summary":{"title":"CVE-2010-0311","description":"Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2010-01-14 19:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-noinfo","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"#275010: Security Vulnerability in Identity Manager 8.1.0.5 and 8.1.0.6 Configured with Sun Java System Access Manager, OpenSSO Enterprise 8.0 or IBM Tivoli Access Manager","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://osvdb.org/61658","name":"http://osvdb.org/61658","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55572","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55572","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/0108","name":"http://www.vupen.com/english/advisories/2010/0108","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/38130","name":"http://secunia.com/advisories/38130","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Sun Java System Identity Manager Security Bypass - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1023447","name":"http://securitytracker.com/id?1023447","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Identity Manager Flaw Grants Remote Users Administrative Access - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/37755","name":"http://www.securityfocus.com/bid/37755","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Identity Manager Privilege Escalation Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2010-0311","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0311","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2010","cve_id":"311","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"tivoli_access_manager_for_e-business","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"311","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_access_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"311","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_server","cpe6":"8.1.0.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"311","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_identity_server","cpe6":"8.1.0.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2010","cve_id":"311","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"opensso_enterprise","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T00:45:11.949Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"37755","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/37755"},{"name":"1023447","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1023447"},{"name":"jsim-unspecified-security-bypass(55572)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"},{"name":"275010","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"},{"name":"38130","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/38130"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"},{"name":"ADV-2010-0108","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2010/0108"},{"name":"61658","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/61658"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2010-01-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"37755","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/37755"},{"name":"1023447","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1023447"},{"name":"jsim-unspecified-security-bypass(55572)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"},{"name":"275010","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"},{"name":"38130","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/38130"},{"tags":["x_refsource_CONFIRM"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"},{"name":"ADV-2010-0108","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2010/0108"},{"name":"61658","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/61658"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2010-0311","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"37755","refsource":"BID","url":"http://www.securityfocus.com/bid/37755"},{"name":"1023447","refsource":"SECTRACK","url":"http://securitytracker.com/id?1023447"},{"name":"jsim-unspecified-security-bypass(55572)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/55572"},{"name":"275010","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1"},{"name":"38130","refsource":"SECUNIA","url":"http://secunia.com/advisories/38130"},{"name":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1","refsource":"CONFIRM","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1"},{"name":"ADV-2010-0108","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2010/0108"},{"name":"61658","refsource":"OSVDB","url":"http://osvdb.org/61658"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2010-0311","datePublished":"2010-01-14T19:00:00.000Z","dateReserved":"2010-01-14T00:00:00.000Z","dateUpdated":"2024-08-07T00:45:11.949Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2010-01-14 19:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-noinfo","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_server:8.1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"CCDA71AD-2BAE-42DC-A050-76B4932141B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_identity_server:8.1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"28F834A5-E3BE-4A83-83C3-1EF5FB2F10D1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:ibm:tivoli_access_manager_for_e-business:*:*:*:*:*:*:*:*","matchCriteriaId":"B1AACE9A-B450-433E-AF0D-06A82D728AD5"},{"vulnerable":false,"criteria":"cpe:2.3:a:sun:java_system_access_manager:*:*:*:*:*:*:*:*","matchCriteriaId":"B2402481-C481-4FB6-9415-2504B3B93F7E"},{"vulnerable":false,"criteria":"cpe:2.3:a:sun:opensso_enterprise:8.0:*:*:*:*:*:*:*","matchCriteriaId":"8D05F3A1-C5F3-43CA-9150-17FE55A89A30"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2010","CveId":"311","Ordinal":"1","Title":"CVE-2010-0311","CVE":"CVE-2010-0311","Year":"2010"},"notes":[{"CveYear":"2010","CveId":"311","Ordinal":"1","NoteData":"Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors.","Type":"Description","Title":"CVE-2010-0311"},{"CveYear":"2010","CveId":"311","Ordinal":"2","NoteData":"2010-01-14","Type":"Other","Title":"Published"},{"CveYear":"2010","CveId":"311","Ordinal":"3","NoteData":"2017-08-16","Type":"Other","Title":"Modified"}]}}}