Skip to main content

Symantec Identity Manager

3 CVEs product

Monthly

CVE-2023-23951 MEDIUM This Month

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23950 MEDIUM This Month

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23949 MEDIUM This Month

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
EPSS 1% CVSS 6.1
MEDIUM This Month

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Symantec Identity Governance And Administration +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy