Symantec Identity Governance And Administration
Monthly
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An unauthenticated user can access Identity Manager’s management console specific page URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
An unauthenticated user can access Identity Manager’s management console specific page URLs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.