Summary
This security advisory covers the vulnerabilities listed below in Symantec Identity Manager.
Affected Product(s)
Identity Governance And Administration-Identity Manager | | |
CVE | Supported Version(s) | Remediation |
CVE-2023-23949 | 14.3 CP3, 14.4.1, 14.4.2 | Customers who are on 14.3 CP3, 14.4 CP1 (CHF2) and 14.4 CP2 can apply the hotfixes (link in the 'References' section) |
CVE-2023-23950 | 14.3 CP3, 14.4.1, 14.4.2 | Customers who are on 14.3 CP3, 14.4 CP1 (CHF2) and 14.4 CP2 can apply the hotfixes (link in the 'References' section) |
CVE-2023-23951 | 14.3 CP3, 14.4.1, 14.4.2 | Customers who are on 14.3 CP3, 14.4 CP1 (CHF2) and 14.4 CP2 can apply the hotfixes (link in the 'References' section) |
Issue Details
CVE-2023-23949 | |
Severity / CVSS v3.1: | High / 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) |
References: | NVD: CVE-2023-23949 |
Impact: | Multiple Reflected Cross-Site Scripting |
Description: | An authenticated user can supply malicious HTML and JavaScript code that is executed in the client's browser |
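As an added illustration of the reflected XSS class described above (an editor's example in Python; not code from the advisory or from the product, and the `q` parameter, the markup and the payload are constructed for the demonstration), the following reflects a request parameter once without output encoding and once with HTML-context encoding, then counts the script elements a tolerant HTML parser builds from each result:

```python
import html
from html.parser import HTMLParser

# Constructed sample value for a hypothetical reflected "q" parameter:
# it closes the attribute it lands in and injects a script element.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_vulnerable(search_term: str) -> str:
    """Reflects the parameter into two HTML contexts without encoding
    (the bug class behind the advisory's XSS entry)."""
    return ('<input name="q" value="' + search_term + '">'
            '<p>Results for ' + search_term + '</p>')


def render_hardened(search_term: str) -> str:
    """Encodes the value for the HTML context before reflecting it.
    quote=True also encodes the double quote, so the value cannot
    terminate the attribute it is placed in."""
    safe = html.escape(search_term, quote=True)
    return ('<input name="q" value="' + safe + '">'
            '<p>Results for ' + safe + '</p>')


class _ScriptCounter(HTMLParser):
    """Counts <script> start tags the way a tolerant HTML parser sees them."""

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1


def script_elements(markup: str) -> int:
    """Number of script elements a parser builds from the markup."""
    parser = _ScriptCounter()
    parser.feed(markup)
    parser.close()
    return parser.script_tags


if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        page = render(PAYLOAD)
        print(render.__name__, script_elements(page), page)
```

The hardened version encodes for the HTML body and attribute contexts only; a value reflected into a JavaScript string, a URL or a CSS property needs the encoder for that context, and a Content-Security-Policy without `unsafe-inline` is the defence in depth that limits what an encoding gap can do.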
CVE-2023-23950 | |
Severity / CVSS v3.1: | High / 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) |
References: | NVD: CVE-2023-23950 |
Impact: | Response Splitting |
Description: | User-supplied input (usually a CRLF sequence) can be used to split a returned response into two responses |
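As an added illustration of the response-splitting mechanism described above (an editor's example in Python; not code from the advisory or from the product, and the redirect-target parameter, the payload and the minimal response parser are constructed for the demonstration), the following copies a user-controlled value into a `Location` header, parses the resulting byte stream the way a browser or caching proxy would, and shows the CR/LF check that prevents the split:

```python
import re

# Constructed attacker value for a hypothetical redirect-target parameter.
# It is the URL-decoded form of a value carrying %0d%0a sequences: the
# first CRLF pair terminates the Location header and the blank line ends
# the original response, so everything after it reads as a second,
# attacker-authored response.
SPLIT_PAYLOAD = ("/home\r\n"
                 "Content-Length: 0\r\n"
                 "\r\n"
                 "HTTP/1.1 200 OK\r\n"
                 "Content-Type: text/html\r\n"
                 "Content-Length: 25\r\n"
                 "\r\n"
                 "<script>alert(1)</script>")


def build_redirect_vulnerable(target: str) -> bytes:
    """Copies the user-supplied value into a header line unchecked."""
    return ("HTTP/1.1 302 Found\r\n"
            f"Location: {target}\r\n"
            "Content-Length: 0\r\n"
            "\r\n").encode("latin-1")


class IllegalHeaderValue(ValueError):
    """Raised when a header value would break the header line structure."""


_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_redirect_hardened(target: str) -> bytes:
    """Refuses CR, LF and NUL in the value: a header value never spans
    lines, so there is no legitimate reason to accept them."""
    if _FORBIDDEN.search(target):
        raise IllegalHeaderValue("CR, LF or NUL in header value")
    return build_redirect_vulnerable(target)


def parse_responses(stream: bytes) -> list:
    """Splits a byte stream into HTTP/1.1 messages using Content-Length,
    roughly as a browser or proxy would. Returns (status line, body) pairs;
    stops at the first block that does not start with a status line."""
    messages = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            break
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        status = lines[0]
        if not status.startswith("HTTP/"):
            break  # leftover bytes from the original response, not a message
        length = 0
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-length":
                length = int(value.strip())
        body_start = end + 4
        messages.append((status, stream[body_start:body_start + length]))
        pos = body_start + length
    return messages


if __name__ == "__main__":
    for status, body in parse_responses(build_redirect_vulnerable(SPLIT_PAYLOAD)):
        print(status, body)
```

The injected second response is what a shared cache may store under the next URL it serves, which is why this class is rated for integrity as well as confidentiality. Python's own `http.client` rejects header values containing CR or LF with a `ValueError`, and current Java servlet containers do the same; the vulnerable pattern appears where an application assembles header lines itself or URL-decodes a value after the framework has validated it.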
CVE-2023-23951 | |
Severity / CVSS v3.0: | Not provided in this advisory |
References: | NVD: CVE-2023-23951 |
Impact: | Oracle LDAP Attribute Information Disclosure |
Description: | Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application |
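As an added illustration of how modifying the query lets a user enumerate directory attributes (an editor's example in Python; not code from the advisory or from the product, and the filter template, the `uid` parameter, the directory entry and its attribute names are constructed for the demonstration), the following builds the application's "find my own entry" search filter with and without RFC 4515 escaping and evaluates it against an in-memory entry with a small filter evaluator, showing the true/false oracle an unescaped value creates:

```python
import re

# Constructed directory entry for the current user (hypothetical
# attribute values; nothing here is taken from the advisory or a real directory).
CURRENT_USER = {
    "objectclass": ["inetOrgPerson"],
    "uid": ["alice"],
    "mail": ["alice@example.test"],
    "mobile": ["555-0100"],
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for an assertion value: characters that carry filter
    syntax become \\XX hex escapes, so the value cannot add or close components."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def build_filter_vulnerable(uid: str) -> str:
    """Concatenates the user-controlled value into the filter (the bug class)."""
    return f"(&(objectClass=inetOrgPerson)(uid={uid}))"


def build_filter_hardened(uid: str) -> str:
    """Same lookup, with the value escaped before insertion."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(uid)}))"


# Minimal LDAP filter evaluator: and/or/not, equality, presence (attr=*)
# and initial-substring (attr=prefix*). Enough to show what the directory answers.
def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def _parse(s: str, i: int):
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|":
        op, i, subs = s[i], i + 1, []
        while s[i] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if s[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return (op, subs), i + 1
    if s[i] == "!":
        node, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return ("!", node), i + 1
    eq = s.index("=", i)
    close = s.index(")", eq)
    return ("=", s[i:eq].lower(), s[eq + 1:close]), close + 1


def _match(node, entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_match(n, entry) for n in node[1])
    if kind == "|":
        return any(_match(n, entry) for n in node[1])
    if kind == "!":
        return not _match(node[1], entry)
    _, attr, value = node
    values = [v.lower() for v in entry.get(attr, [])]
    if value == "*":                       # presence test
        return bool(values)
    if value.endswith("*"):                # initial-substring test
        prefix = _unescape(value[:-1]).lower()
        return any(v.startswith(prefix) for v in values)
    return _unescape(value).lower() in values


def entry_matches(filter_str: str, entry) -> bool:
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("trailing data after filter")
    return _match(node, entry)


def lookup_succeeds(build_filter, uid_param: str) -> bool:
    """Models the application's own-entry lookup: True if the directory
    returns the current user's entry for the filter the application built."""
    return entry_matches(build_filter(uid_param), CURRENT_USER)


def probe_attribute(build_filter, attr: str, prefix: str) -> bool:
    """Blind oracle: smuggle '(attr=prefix*)' into the filter through the uid
    parameter and observe whether the lookup still succeeds. An empty prefix
    tests whether the attribute exists at all; a prefix tests its value."""
    return lookup_succeeds(build_filter, f"alice)({attr}={prefix}*")


if __name__ == "__main__":
    for attr in ("mobile", "pager"):
        print(attr, "present:", probe_attribute(build_filter_vulnerable, attr, ""))
    print("mobile starts with 5:", probe_attribute(build_filter_vulnerable, "mobile", "5"))
    print("same probe, escaped:", probe_attribute(build_filter_hardened, "mobile", "5"))
```

Repeating the prefix probe one character at a time reads an attribute value out through nothing but a success/failure signal, which is the enumeration the advisory entry describes. In production code the escaping should come from the LDAP client library (python-ldap's `ldap.filter.escape_filter_chars`, or the equivalent in the Java directory API in use) rather than a hand-written routine, and the attribute list a user may read should be enforced by the directory's own access controls, not only by the application's filter.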
The vulnerabilities are remediated by applying the hotfixes below:
IGA 14.4:
IGA 14.3: