CVE-2023-23951Cross-site Scripting in Symantec Identity Governance AND Administration

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 32.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Symantec Identity Governance AND AdministrationBroadcom Symantec Identity Manager
Timeline
PublishedJan 26

Description

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-7f7r-ffv7-v52r: Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application2023-01-26
CVEList
CVE-2023-23951: Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application2023-01-24
CVE-2023-23951 — Cross-site Scripting | cvebase