CVE-2024-36459
8.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L
Summary
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Broadcom | Symantec SiteMinder | R 12.52 SP1 CR11 and below | affected |
| Broadcom | Symantec SiteMinder | R12.8 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537
- https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537
- https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.