CA SiteMinder R6 SP6 CR7, R12 SP3 CR8, and possibly previous versions are vulnerable to reflected cross-site scripting (XSS).
An attacker with access to CA SiteMinder can conduct a cross-site scripting attack, which could result in information leakage, privilege escalation, and/or denial of service.
The vendor has confirmed that this vulnerability has been addressed in SiteMinder R6 SP6 CR8 and SiteMinder R12 SP3 CR9.
Thanks to Jon Passki of Aspect Security for reporting this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2011-12-07
Date Last Updated: 2011-12-09 14:00 UTC