Skip to main content

Symantec Identity Governance And Administration

6 CVEs product

Monthly

CVE-2023-23951 MEDIUM This Month

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23950 MEDIUM This Month

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23949 MEDIUM This Month

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25628 HIGH This Week

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Symantec Identity Governance And Administration
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-25627 MEDIUM This Month

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Symantec Identity Governance And Administration
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2022-25626 MEDIUM This Month

An unauthenticated user can access Identity Manager’s management console specific page URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Symantec Identity Governance And Administration
NVD
CVSS 3.1
5.3
EPSS
0.7%
EPSS 1% CVSS 6.1
MEDIUM This Month

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Symantec Identity Governance And Administration +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Symantec Identity Governance And Administration
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Symantec Identity Governance And Administration
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An unauthenticated user can access Identity Manager’s management console specific page URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Symantec Identity Governance And Administration
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy