Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows remote authenticated users with console privileges to discover passwords, and obtain unspecified other "access to resources," by visiting the Configuration Items component in the console.
https://exchange.xforce.ibmcloud.com/vulnerabilities/47942
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-02-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242166-1