CVE-2011-4054

Name of the Vulnerable Software and Affected Versions CA SiteMinder R6 SP6 before CR7 CA SiteMinder R12 SP3 before CR8

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter in the login.fcc component. This could potentially lead to unauthorized actions on behalf of the user.

Recommendations For CA SiteMinder R6 SP6, update to CR7 or later to resolve the issue. For CA SiteMinder R12 SP3, update to CR8 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.fcc component to minimize the risk of exploitation. Avoid using the postpreservationdata parameter in the affected component until the issue is resolved.