CVE-2024-36459

Summary

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

Affected Software

VendorProductVersion RangeStatus
BroadcomSymantec SiteMinderR 12.52 SP1 CR11 and belowaffected
BroadcomSymantec SiteMinderR12.8affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References