CVE-2008-5422

Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1	Patch Vendor Advisory
http://www.securityfocus.com/bid/32769	Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1	Patch Vendor Advisory
http://secunia.com/advisories/33108
http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm
http://www.securitytracker.com/id?1021383
http://www.vupen.com/english/advisories/2008/3406
https://exchange.xforce.ibmcloud.com/vulnerabilities/47253

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:sun:ray_server_software:3.1::sparc:::::
	cpe:2.3:a:sun:ray_server_software:3.0::sparc:::::
	cpe:2.3:a:sun:ray_server_software:4.0::sparc:::::

OR	cpe:2.3:o:sun:solaris:10::sparc:::::
	cpe:2.3:o:sun:solaris:8::sparc:::::
	cpe:2.3:o:sun:solaris:9::sparc:::::

Configuration 2 (hide)

AND

OR	cpe:2.3:a:sun:ray_server_software:3.1::x86:::::
	cpe:2.3:a:sun:ray_server_software:4.0::x86:::::

cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:sun:ray_server_software:3.1.1::linux:::::
	cpe:2.3:a:sun:ray_server_software:4.0::linux:::::

OR	cpe:2.3:o:redhat:enterprise_linux:4::advanced_server:::::
	cpe:2.3:o:novell:suse_linux_enterprise_server:9:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:sun:ray_server_software:3.1::linux:::::
	cpe:2.3:a:sun:ray_server_software:3.0::linux:::::

OR	cpe:2.3:o:redhat:enterprise_linux:3::advanced_server:::::
	cpe:2.3:o:novell:suse_linux_enterprise_server:8:::::::*
	cpe:2.3:a:sun:java_desktop_system:2.0:::::::*

Information

Published : 2008-12-11 07:30

Updated : 2018-10-30 09:25

NVD link : CVE-2008-5422

Mitre link : CVE-2008-5422

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

redhat

enterprise_linux

sun

java_desktop_system
ray_server_software
solaris

novell

suse_linux_enterprise_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1", "name": "240365", "tags": ["Patch", "Vendor Advisory"], "refsource": "SUNALERT"}, {"url": "http://www.securityfocus.com/bid/32769", "name": "32769", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1", "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/33108", "name": "33108", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1021383", "name": "1021383", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2008/3406", "name": "ADV-2008-3406", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47253", "name": "rayserver-unspecified-security-bypass(47253)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-5422", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-12-11T15:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:3.1:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:3.0:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:sun:solaris:10:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:8:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:sun:solaris:9:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:3.1:*:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:sun:solaris:10:*:x86:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:3.1.1:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4:*:advanced_server:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:3.1:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:ray_server_software:3.0:*:linux:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3:*:advanced_server:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:sun:java_desktop_system:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}

7.5 /10