Lucene search
K
BroadcomSymantec Identity Governance And Administration

6 matches found

CVE
CVE
added 2023/01/24 12:0 a.m.71 views

CVE-2023-23951

The CVE-2023-23951 issue affects Broadcom Symantec Identity Manager and Symantec Identity Governance and Administration (Oracle LDAP Attribute Handler). Affected versions permit enumeration of the current user’s Oracle LDAP attributes by modifying the query used by the application, and PT-2023-88...

6.1CVSS6AI score0.00514EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.62 views

CVE-2023-23949

CVE-2023-23949 is described across multiple sources as a client-side cross-site scripting vulnerability triggered by an authenticated user supplying malicious HTML/JavaScript, leading to code execution in the victim’s browser. Connected document detail confirms the affected product is Symantec Id...

8.1CVSS5.5AI score0.00564EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.59 views

CVE-2022-25627

Symantec Identity Manager 14.4 is affected: an authenticated administrator with physical access can perform Remote Command Execution on the Management Console. The publicly documented details describe local access as the attack vector with high impact on confidentiality, integrity, and availabili...

6.7CVSS6.5AI score0.00907EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.58 views

CVE-2022-25626

CVE-2022-25626 affects Identity Manager. An unauthenticated user can access management-console page URLs, but cannot perform server-side tasks without an active web session. Public data across multiple feeds corroborates access to specific URLs without session establishment; however, no concrete ...

5.3CVSS5.3AI score0.00687EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.58 views

CVE-2022-25628

CVE-2022-25628 describes an XML External Entity (XXE) injection vulnerability in the Symantec Identity Manager 14.4 Management Console . An authenticated user can trigger XXE, with potential data exposure or other malicious activity as implied by the vulnerability class. The CVSS data from the en...

8.8CVSS8.7AI score0.00897EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.53 views

CVE-2023-23950

Technical details about CVE-2023-23950 are not present in the provided connected documents; the materials only restate the CRLF-splitting vulnerability without product/version specifics. Monitor for updates.

6.1CVSS6.2AI score0.00514EPSS