Sun Microsystems has warned of a vulnerability detected in its Java System Identity Manager (IdM) software.


It listed nine possible scenarios in which users may be compromised, including one in which a remote unprivileged user may be able to gain unauthorised access to data being transferred between clients and the IdM server because some connections are not secured with SSL.


It further said that a local or remote unprivileged user may be able to determine the existence of valid IdM account names, and that a user with an account on the IdM server may be able to change the password of other IdM accounts.


The company has released an update for versions 7.0, 7.1, 7.1.1 and 8.0 of the Sun Java System Identity Manager software. Version 8.1 is not believed to be affected by any of the vulnerabilities, and administrators running that version will not need to apply the patch.