Vulnerability Details : CVE-2008-5422
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2008-5422
Probability of exploitation activity in the next 30 days: 1.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-5422
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2008-5422
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5422
-
http://www.securitytracker.com/id?1021383
-
http://www.securityfocus.com/bid/32769
Patch
-
http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/47253
- http://www.vupen.com/english/advisories/2008/3406
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1
Patch;Vendor Advisory
-
http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm
Products affected by CVE-2008-5422
- cpe:2.3:a:sun:ray_server_software:3.0:*:sparc:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:3.1:*:x86:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:3.1:*:sparc:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:4.0:*:sparc:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:4.0:*:x86:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:3.1.1:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:4.0:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:3.1:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:ray_server_software:3.0:*:linux:*:*:*:*:*