6 matches found
CVE-2023-23951
The CVE-2023-23951 issue affects Broadcom Symantec Identity Manager and Symantec Identity Governance and Administration (Oracle LDAP Attribute Handler). Affected versions permit enumeration of the current user’s Oracle LDAP attributes by modifying the query used by the application, and PT-2023-88...
CVE-2023-23949
CVE-2023-23949 is described across multiple sources as a client-side cross-site scripting vulnerability triggered by an authenticated user supplying malicious HTML/JavaScript, leading to code execution in the victim’s browser. Connected document detail confirms the affected product is Symantec Id...
CVE-2022-25627
Symantec Identity Manager 14.4 is affected: an authenticated administrator with physical access can perform Remote Command Execution on the Management Console. The publicly documented details describe local access as the attack vector with high impact on confidentiality, integrity, and availabili...
CVE-2022-25626
CVE-2022-25626 affects Identity Manager. An unauthenticated user can access management-console page URLs, but cannot perform server-side tasks without an active web session. Public data across multiple feeds corroborates access to specific URLs without session establishment; however, no concrete ...
CVE-2022-25628
CVE-2022-25628 describes an XML External Entity (XXE) injection vulnerability in the Symantec Identity Manager 14.4 Management Console . An authenticated user can trigger XXE, with potential data exposure or other malicious activity as implied by the vulnerability class. The CVSS data from the en...
CVE-2023-23950
Technical details about CVE-2023-23950 are not present in the provided connected documents; the materials only restate the CRLF-splitting vulnerability without product/version specifics. Monitor for updates.