CVE-2024-36459 HIGH

CVE-2024-36459: Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent

Vendor Broadcom
Product Symantec SiteMinder
Published June 14, 2024
Last update August 2, 2024

CVSS base score

8.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

What the vulnerability does

01Description

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

Key dates

02Disclosure timeline

June 14, 2024 CVE published
August 2, 2024 Record updated