← Back

CVE-2008-5423

nvd nist
Published: Dec 11, 2008Modified: Apr 23, 2026

JSON object

Loading...
4.3
Vector
AV:L/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 3.1 / Impact: 6.4
Source: NVD

Description

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

Affected (15)

Sun
2 products
Ray Server Software
Ray Windows Connector
Configuration A
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Ray Server Software
Version 3.0
Running on/withPlatform Versions
Sun
Solaris
Version 10
Sun
Solaris
Version 8
Sun
Solaris
Version 9
Configuration B
1 platform
Running on/withPlatform Versions
Sun
Solaris
Version 10
Configuration C
4 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Ray Windows Connector
Version 1.1
Ray Windows Connector
Version 2.0
Sun
Ray Server Software
Version 3.1
Ray Server Software
Version 4.0
Configuration D
4 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Ray Windows Connector
Version 1.1
Ray Windows Connector
Version 2.0
Sun
Ray Server Software
Version 3.1
Ray Server Software
Version 4.0
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Ray Windows Connector
Version 1.1
Ray Windows Connector
Version 2.0
Configuration F
2 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Sun
Ray Server Software
Version 3.1.1
Ray Server Software
Version 4.0
Running on/withPlatform Versions
Novell
Suse Linux Enterprise Server
Version 9
Redhat
Enterprise Linux
Version 4
Configuration G
2 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Sun
Ray Server Software
Version 3.0
Ray Server Software
Version 3.1
Running on/withPlatform Versions
Novell
Suse Linux Enterprise Server
Version 8
Redhat
Enterprise Linux
Version 3
Sun
Java Desktop System
Version 2.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Patch
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.