CVE-2023-23951

Name of the Vulnerable Software and Affected Versions Broadcom Symantec Identity Manager and Symantec Identity Governance and Administration (affected versions not specified)

Description The issue is related to the Oracle LDAP Attribute Handler component, which fails to protect the web page structure. This can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability also allows an attacker to enumerate Oracle LDAP attributes for the current user by modifying the query used by the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.