CVE-2008-5115

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

Date published : 2008-11-17

http://www.securityfocus.com/bid/32262

http://www.securityfocus.com/archive/1/498479/100/0/threaded