History: Jun 14, 2024 - 12:06 p.m.

CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

2024-06-14 12:06:19
symantec
www.cve.org
cve-2024-36459
cross-site scripting
symantec siteminder
web agent
iis web server
domino web server
arbitrary javascript
client browser

CVSS4: 8.4 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: ACTIVE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/SC:L/VI:H/SI:H/VA:L/SA:L

EPSS: 0.0004 Low
Percentile: 9.0%

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary JavaScript code in a client browser.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Symantec SiteMinder",
    "vendor": "Broadcom",
    "versions": [
      {
        "status": "affected",
        "version": "R 12.52 SP1 CR11 and below"
      },
      {
        "status": "affected",
        "version": "R12.8"
      }
    ]
  }
]
