CRLF Cross-Site Scripting Vulnerability Affects SiteMinder Web Agent
CVE-2024-36459

Currently unrated

Key Information:

Vendor: Broadcom
Status: Symantec Siteminder
Vendor: CVE Published:; 14 June 2024

Summary

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

Affected Version(s)

Symantec SiteMinder R 12.52 SP1 CR11 and below

Symantec SiteMinder R12.8

References

https://support.broadcom.com/web/ecx/support-content-noti...

https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
May 28, 2024