
Identity Governance 12.6 Cross Site Scripting Vulnerability

Published: 15 Nov 2017 00:00:00 | Reported by: Kevin Kotas | Type: zdt | Source: 0day.today

CA Identity Governance 12.6 Cross Site Scripting Vulnerability

Related

Reporter | Title | Published
CNVD | CA Identity Governance Cross-Site Scripting Vulnerability | 16 Nov 2017 00:00
CVE | CVE-2017-9394 | 14 Nov 2017 21:00
Cvelist | CVE-2017-9394 | 14 Nov 2017 21:00
EUVD | EUVD-2017-18329 | 7 Oct 2025 00:30
NVD | CVE-2017-9394 | 14 Nov 2017 21:29
OSV | CVE-2017-9394 | 14 Nov 2017 21:29
Prion | Cross site scripting | 14 Nov 2017 21:29

Security Notice for CA Identity Governance

CA Technologies support is alerting customers to a potential risk
with CA Identity Governance. A vulnerability exists that can
potentially allow a malicious actor to conduct cross-site scripting
attacks. CA published a solution to resolve the issue.

The vulnerability, CVE-2017-9394, occurs due to insufficient input
validation that can result in a stored cross-site scripting
vulnerability. The vulnerability can allow an authenticated remote
attacker to display HTML or execute script in the context of another
user.

Risk Rating

Medium

Platform(s)

All Server Environments where CA Identity Governance can be deployed.
Please refer to the Platform Support Matrix in the product
documentation at https://docops.ca.com

Affected Products

CA Identity Governance 12.6

Note: CA Identity Governance (formerly GovernanceMinder) releases
prior to 12.6 are no longer supported.

Unaffected Products

CA Identity Governance 14.0, 14.1

How to determine if the installation is affected

Use the web interface to determine the version and check the version
against the affected products list.

Solution

CA Identity Governance 12.6.5:
Update to CA Identity Governance 12.6.5 CR1 CP3 - RS98844

CA Identity Governance releases previous to 12.6.5:
Open a support ticket to request a hotfix

References

CVE-2017-9394 - CA Identity Governance stored XSS

Acknowledgement

CVE-2017-9394 - Jake Miller of Blue Canopy - A Jacobs company

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas

#  0day.today [2018-01-05]  #
