CVE-2024-36459

June 14, 2024, 12:15 p.m.

None
No Score

Description

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

Product(s) Impacted

Product Versions
SiteMinder Web Agent for IIS Web Server
SiteMinder Web Agent for Domino Web Server

Weaknesses

References

https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537

Tags

2024-06-14
CVE-2024-36459
secure@symantec.com

Date

  • Published: June 14, 2024, 12:15 p.m.
  • Last Modified: June 14, 2024, 12:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

secure@symantec.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.