Vulnerability Note VU#713012
CA SiteMinder login.fcc form XSS vulnerability
CA SiteMinder R6 SP6 CR7, R12 SP3 CR8, and possibly previous versions are vulnerable to reflected cross-site scripting (XSS).
An attacker with access to CA SiteMinder can conduct a cross-site scripting attack, which could result in information leakage, privilege escalation, and/or denial of service.
The vendor has confirmed that this vulnerability has been addressed in SiteMinder R6 SP6 CR8 and SiteMinder R12 SP3 CR9.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Computer Associates | Affected | 05 Oct 2011 | 09 Dec 2011 |
Thanks to Jon Passki of Aspect Security for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2011-4054
- Date Public: 07 Dec 2011
- Date First Published: 07 Dec 2011
- Date Last Updated: 09 Dec 2011
- Severity Metric: 0.14
- Document Revision: 17