PT-2011-4832 · Ca · Ca Siteminder

Jon Passki

Published

2011-12-08

Updated

2012-03-05

CVE-2011-4054

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions CA SiteMinder R6 SP6 before CR7 CA SiteMinder R12 SP3 before CR8

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter in the login.fcc component. This could potentially lead to unauthorized actions on behalf of the user.

Recommendations For CA SiteMinder R6 SP6, update to CR7 or later to resolve the issue. For CA SiteMinder R12 SP3, update to CR8 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.fcc component to minimize the risk of exploitation. Avoid using the postpreservationdata parameter in the affected component until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2011-4054

Affected Products

Ca Siteminder

PT-2011-4832 · Ca · Ca Siteminder

CVE-2011-4054

Weakness Enumeration

Related Identifiers

Affected Products

References · 4