CVE-2020-35720

Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200

Description: The issue allows remote attackers to store malicious code in multiple fields, such as first name, last name, and logon name, when creating or modifying a user via the "submitUser.jsp" file. This affects products that are no longer supported by the maintainer.

Recommendations: For Quest Policy Authority version 8.1.2.200, as a temporary workaround, consider restricting access to the "submitUser.jsp" file to minimize the risk of exploitation. Additionally, avoid using the first name, last name, and logon name fields in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.