vulnrichment / Symantec / VULNRICHMENT:CVE-2024-36459
Jun 14, 2024 - 12:06 p.m.

CVE-2024-36459 Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

2024-06-14 12:06:19
symantec
github.com
2
cve-2024-36459
crlf
siteminder
web agent
iis web server
domino web server
javascript code
vulnerability

CVSS4: 8.4 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: ACTIVE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/SC:L/VI:H/SI:H/VA:L/SA:L

AI Score: 7 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary JavaScript code in a client browser.

CNA Affected

[
  {
    "vendor": "Broadcom",
    "product": "Symantec SiteMinder",
    "versions": [
      {
        "status": "affected",
        "version": "R 12.52 SP1 CR11 and below"
      },
      {
        "status": "affected",
        "version": "R12.8"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
