HomePentest-Tools.com Logo

CA SiteMinder target Parameter Cross-Site Scripting Vulnerability CVE-2011-4054

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

CA SiteMinder is prone to a cross-site scripting (XSS) vulnerability.

Risk description

The flaw is due to improper validation of user-supplied input passed to the target POST parameter in login.fcc (when postpreservationdata is set to fail), which allows attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a users browser session in the context of an affected site.

Recommendation

Upgrade to CA SiteMinder R6 SP6 CR8, R12 SP3 CR9 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 8, 2011
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available