Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for java_system_communications_express by sun

    CVE-2010-4456 (GCVE-0-2010-4456)

    Vulnerability from nvd – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43
    VLAI
    Summary
    Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/70586 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2011/0157 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/45896 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/42990 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2011-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:43:14.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70586"
              },
              {
                "name": "ADV-2011-0157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0157"
              },
              {
                "name": "sun-communications-webmail-unauth-access(64815)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
              },
              {
                "name": "45896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45896"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
              },
              {
                "name": "42990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42990"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "70586",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70586"
            },
            {
              "name": "ADV-2011-0157",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0157"
            },
            {
              "name": "sun-communications-webmail-unauth-access(64815)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
            },
            {
              "name": "45896",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45896"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "42990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42990"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-4456",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70586",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70586"
                },
                {
                  "name": "ADV-2011-0157",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0157"
                },
                {
                  "name": "sun-communications-webmail-unauth-access(64815)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
                },
                {
                  "name": "45896",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45896"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
                },
                {
                  "name": "42990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42990"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-4456",
        "datePublished": "2011-01-19T16:00:00.000Z",
        "dateReserved": "2010-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:43:14.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1227 (GCVE-0-2010-1227)

    Vulnerability from nvd – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/510154/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2011/0157 vdb-entryx_refsource_VUPEN
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/42990 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-03-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:14:06.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20100313 Sun Java System Communication Express CSRF via HPP",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
              },
              {
                "name": "ADV-2011-0157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
              },
              {
                "name": "42990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42990"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-03-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20100313 Sun Java System Communication Express CSRF via HPP",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
            },
            {
              "name": "ADV-2011-0157",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "42990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42990"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20100313 Sun Java System Communication Express CSRF via HPP",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
                },
                {
                  "name": "ADV-2011-0157",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0157"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
                },
                {
                  "name": "42990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42990"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1227",
        "datePublished": "2010-04-01T22:00:00.000Z",
        "dateReserved": "2010-04-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:14:06.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1729 (GCVE-0-2009-1729)

    Vulnerability from nvd – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:20
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/34155 vdb-entryx_refsource_BID
    http://osvdb.org/54609 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/1389 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/34154 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/503675/100… mailing-listx_refsource_BUGTRAQ
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://seclists.org/fulldisclosure/2009/May/0177.html mailing-listx_refsource_FULLDISC
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
    http://www.coresecurity.com/content/sun-communica… x_refsource_MISC
    http://secunia.com/advisories/32474 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/alerts/2009/May/1022266.html vdb-entryx_refsource_SECTRACK
    http://osvdb.org/54610 vdb-entryx_refsource_OSVDB
    Date Public
    2009-05-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:20:35.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34155"
              },
              {
                "name": "54609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54609"
              },
              {
                "name": "ADV-2009-1389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1389"
              },
              {
                "name": "34154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34154"
              },
              {
                "name": "communications-express-search-xss(50658)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
              },
              {
                "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
              },
              {
                "name": "258068",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
              },
              {
                "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/content/sun-communications-express"
              },
              {
                "name": "32474",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32474"
              },
              {
                "name": "1022266",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/alerts/2009/May/1022266.html"
              },
              {
                "name": "54610",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54610"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34155"
            },
            {
              "name": "54609",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54609"
            },
            {
              "name": "ADV-2009-1389",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1389"
            },
            {
              "name": "34154",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34154"
            },
            {
              "name": "communications-express-search-xss(50658)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
            },
            {
              "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
            },
            {
              "name": "258068",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
            },
            {
              "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/content/sun-communications-express"
            },
            {
              "name": "32474",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32474"
            },
            {
              "name": "1022266",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/alerts/2009/May/1022266.html"
            },
            {
              "name": "54610",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54610"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1729",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34155"
                },
                {
                  "name": "54609",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54609"
                },
                {
                  "name": "ADV-2009-1389",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1389"
                },
                {
                  "name": "34154",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34154"
                },
                {
                  "name": "communications-express-search-xss(50658)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
                },
                {
                  "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
                },
                {
                  "name": "258068",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
                },
                {
                  "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1",
                  "refsource": "CONFIRM",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
                },
                {
                  "name": "http://www.coresecurity.com/content/sun-communications-express",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/content/sun-communications-express"
                },
                {
                  "name": "32474",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32474"
                },
                {
                  "name": "1022266",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/alerts/2009/May/1022266.html"
                },
                {
                  "name": "54610",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54610"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1729",
        "datePublished": "2009-05-21T14:00:00.000Z",
        "dateReserved": "2009-05-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:20:35.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0877 (GCVE-0-2009-0877)

    Vulnerability from nvd – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sosoblood.freehostia.com/SJSC/html_injection.gif x_refsource_MISC
    http://www.securityfocus.com/archive/1/501672/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/34083 vdb-entryx_refsource_BID
    http://osvdb.org/52718 vdb-entryx_refsource_OSVDB
    Date Public
    2009-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:52.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
              },
              {
                "name": "20090310 Sun Java System Communications Express [HTML Injection]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
              },
              {
                "name": "34083",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34083"
              },
              {
                "name": "52718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/52718"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
            },
            {
              "name": "20090310 Sun Java System Communications Express [HTML Injection]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
            },
            {
              "name": "34083",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34083"
            },
            {
              "name": "52718",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/52718"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0877",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://sosoblood.freehostia.com/SJSC/html_injection.gif",
                  "refsource": "MISC",
                  "url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
                },
                {
                  "name": "20090310 Sun Java System Communications Express [HTML Injection]",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
                },
                {
                  "name": "34083",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34083"
                },
                {
                  "name": "52718",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/52718"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0877",
        "datePublished": "2009-03-12T15:00:00.000Z",
        "dateReserved": "2009-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:52.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3472 (GCVE-0-2005-3472)

    Vulnerability from nvd – Published: 2005-11-03 02:00 – Updated: 2024-08-07 23:10
    VLAI
    Summary
    Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/20448 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/15271 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/2274 vdb-entryx_refsource_VUPEN
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/17395 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1015135 vdb-entryx_refsource_SECTRACK
    Date Public
    2005-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:10:09.004Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20448",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/20448"
              },
              {
                "name": "15271",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15271"
              },
              {
                "name": "ADV-2005-2274",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2274"
              },
              {
                "name": "101948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
              },
              {
                "name": "17395",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17395"
              },
              {
                "name": "1015135",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015135"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20448",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/20448"
            },
            {
              "name": "15271",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15271"
            },
            {
              "name": "ADV-2005-2274",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2274"
            },
            {
              "name": "101948",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
            },
            {
              "name": "17395",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17395"
            },
            {
              "name": "1015135",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015135"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3472",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20448",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/20448"
                },
                {
                  "name": "15271",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15271"
                },
                {
                  "name": "ADV-2005-2274",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2274"
                },
                {
                  "name": "101948",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
                },
                {
                  "name": "17395",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17395"
                },
                {
                  "name": "1015135",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015135"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3472",
        "datePublished": "2005-11-03T02:00:00.000Z",
        "dateReserved": "2005-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:10:09.004Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-4456 (GCVE-0-2010-4456)

    Vulnerability from cvelistv5 – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43
    VLAI
    Summary
    Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/70586 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2011/0157 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/45896 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/42990 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2011-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:43:14.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70586"
              },
              {
                "name": "ADV-2011-0157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0157"
              },
              {
                "name": "sun-communications-webmail-unauth-access(64815)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
              },
              {
                "name": "45896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45896"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
              },
              {
                "name": "42990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42990"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "70586",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70586"
            },
            {
              "name": "ADV-2011-0157",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0157"
            },
            {
              "name": "sun-communications-webmail-unauth-access(64815)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
            },
            {
              "name": "45896",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45896"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "42990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42990"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2010-4456",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70586",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/70586"
                },
                {
                  "name": "ADV-2011-0157",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0157"
                },
                {
                  "name": "sun-communications-webmail-unauth-access(64815)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
                },
                {
                  "name": "45896",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45896"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
                },
                {
                  "name": "42990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42990"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2010-4456",
        "datePublished": "2011-01-19T16:00:00.000Z",
        "dateReserved": "2010-12-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:43:14.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1227 (GCVE-0-2010-1227)

    Vulnerability from cvelistv5 – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/510154/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2011/0157 vdb-entryx_refsource_VUPEN
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://secunia.com/advisories/42990 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2010-03-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:14:06.674Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20100313 Sun Java System Communication Express CSRF via HPP",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
              },
              {
                "name": "ADV-2011-0157",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0157"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
              },
              {
                "name": "42990",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42990"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-03-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20100313 Sun Java System Communication Express CSRF via HPP",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
            },
            {
              "name": "ADV-2011-0157",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0157"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
            },
            {
              "name": "42990",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42990"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1227",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20100313 Sun Java System Communication Express CSRF via HPP",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
                },
                {
                  "name": "ADV-2011-0157",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0157"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
                },
                {
                  "name": "42990",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42990"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1227",
        "datePublished": "2010-04-01T22:00:00.000Z",
        "dateReserved": "2010-04-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T01:14:06.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1729 (GCVE-0-2009-1729)

    Vulnerability from cvelistv5 – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:20
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/34155 vdb-entryx_refsource_BID
    http://osvdb.org/54609 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2009/1389 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/34154 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/503675/100… mailing-listx_refsource_BUGTRAQ
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://seclists.org/fulldisclosure/2009/May/0177.html mailing-listx_refsource_FULLDISC
    http://sunsolve.sun.com/search/document.do?assetk… x_refsource_CONFIRM
    http://www.coresecurity.com/content/sun-communica… x_refsource_MISC
    http://secunia.com/advisories/32474 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/alerts/2009/May/1022266.html vdb-entryx_refsource_SECTRACK
    http://osvdb.org/54610 vdb-entryx_refsource_OSVDB
    Date Public
    2009-05-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:20:35.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "34155",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34155"
              },
              {
                "name": "54609",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54609"
              },
              {
                "name": "ADV-2009-1389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1389"
              },
              {
                "name": "34154",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34154"
              },
              {
                "name": "communications-express-search-xss(50658)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
              },
              {
                "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
              },
              {
                "name": "258068",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
              },
              {
                "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.coresecurity.com/content/sun-communications-express"
              },
              {
                "name": "32474",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32474"
              },
              {
                "name": "1022266",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/alerts/2009/May/1022266.html"
              },
              {
                "name": "54610",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54610"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-05-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "34155",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34155"
            },
            {
              "name": "54609",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54609"
            },
            {
              "name": "ADV-2009-1389",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1389"
            },
            {
              "name": "34154",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34154"
            },
            {
              "name": "communications-express-search-xss(50658)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
            },
            {
              "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
            },
            {
              "name": "258068",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
            },
            {
              "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.coresecurity.com/content/sun-communications-express"
            },
            {
              "name": "32474",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32474"
            },
            {
              "name": "1022266",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/alerts/2009/May/1022266.html"
            },
            {
              "name": "54610",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54610"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1729",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "34155",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34155"
                },
                {
                  "name": "54609",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54609"
                },
                {
                  "name": "ADV-2009-1389",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1389"
                },
                {
                  "name": "34154",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34154"
                },
                {
                  "name": "communications-express-search-xss(50658)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
                },
                {
                  "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
                },
                {
                  "name": "258068",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
                },
                {
                  "name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
                },
                {
                  "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1",
                  "refsource": "CONFIRM",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
                },
                {
                  "name": "http://www.coresecurity.com/content/sun-communications-express",
                  "refsource": "MISC",
                  "url": "http://www.coresecurity.com/content/sun-communications-express"
                },
                {
                  "name": "32474",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32474"
                },
                {
                  "name": "1022266",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/alerts/2009/May/1022266.html"
                },
                {
                  "name": "54610",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54610"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1729",
        "datePublished": "2009-05-21T14:00:00.000Z",
        "dateReserved": "2009-05-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:20:35.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-0877 (GCVE-0-2009-0877)

    Vulnerability from cvelistv5 – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sosoblood.freehostia.com/SJSC/html_injection.gif x_refsource_MISC
    http://www.securityfocus.com/archive/1/501672/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/34083 vdb-entryx_refsource_BID
    http://osvdb.org/52718 vdb-entryx_refsource_OSVDB
    Date Public
    2009-03-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T04:48:52.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
              },
              {
                "name": "20090310 Sun Java System Communications Express [HTML Injection]",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
              },
              {
                "name": "34083",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/34083"
              },
              {
                "name": "52718",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/52718"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-03-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
            },
            {
              "name": "20090310 Sun Java System Communications Express [HTML Injection]",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
            },
            {
              "name": "34083",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/34083"
            },
            {
              "name": "52718",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/52718"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-0877",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://sosoblood.freehostia.com/SJSC/html_injection.gif",
                  "refsource": "MISC",
                  "url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
                },
                {
                  "name": "20090310 Sun Java System Communications Express [HTML Injection]",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
                },
                {
                  "name": "34083",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/34083"
                },
                {
                  "name": "52718",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/52718"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-0877",
        "datePublished": "2009-03-12T15:00:00.000Z",
        "dateReserved": "2009-03-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T04:48:52.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-3472 (GCVE-0-2005-3472)

    Vulnerability from cvelistv5 – Published: 2005-11-03 02:00 – Updated: 2024-08-07 23:10
    VLAI
    Summary
    Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.osvdb.org/20448 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/15271 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2005/2274 vdb-entryx_refsource_VUPEN
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/17395 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1015135 vdb-entryx_refsource_SECTRACK
    Date Public
    2005-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T23:10:09.004Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20448",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/20448"
              },
              {
                "name": "15271",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/15271"
              },
              {
                "name": "ADV-2005-2274",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2005/2274"
              },
              {
                "name": "101948",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
              },
              {
                "name": "17395",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17395"
              },
              {
                "name": "1015135",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015135"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-11-18T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20448",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/20448"
            },
            {
              "name": "15271",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/15271"
            },
            {
              "name": "ADV-2005-2274",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2005/2274"
            },
            {
              "name": "101948",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
            },
            {
              "name": "17395",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17395"
            },
            {
              "name": "1015135",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015135"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-3472",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20448",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/20448"
                },
                {
                  "name": "15271",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/15271"
                },
                {
                  "name": "ADV-2005-2274",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2005/2274"
                },
                {
                  "name": "101948",
                  "refsource": "SUNALERT",
                  "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
                },
                {
                  "name": "17395",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/17395"
                },
                {
                  "name": "1015135",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015135"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-3472",
        "datePublished": "2005-11-03T02:00:00.000Z",
        "dateReserved": "2005-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T23:10:09.004Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }