Siteminder Solution for webagent's vulnerability CVE-2023-23956

Article ID: 272635

Products

SITEMINDER

Issue/Introduction

A priority vulnerability associated with SiteMinder, related to the following CVE:

https://nvd.nist.gov/vuln/detail/CVE-2023-23956

Environment

Release : R12.52 webagents

Cause

Technical details

The reported URLs all point to the same path, /siteminderagent/forms/smpwservices.fcc.

https://api-broadcom-ca-user.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=q8Hc2BL4V89MiK5gWAQyaw==

 

The main difference between them is the parameter that carries the payload, but they are both related to password services.

In these cases, the problem is that the value supplied in the USERNAME parameter is written directly into the DOM with the method document.write(), which is inherently susceptible to XSS because it can insert HTML and JavaScript into the DOM. This is visible in the HTTP response for any of the reported URLs.

https://api-broadcom-ca-user.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=Db5NNW36KZutMlJtm7C92w==

 

Resolution

-> Add the following to the Agent Configuration Object (ACO):

FCCHTMLEncoding = no
FCCHTMLEncodingChars = %22,%26,%27,%3c,%3e,%5c

-> Rerun the vulnerability scan and report to Broadcom Support so they can assist further with this vulnerability.
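
The effect of encoding the configured character list on a value before it is written into the page, as an added example (not Broadcom's or SiteMinder's code). The numeric-entity output form and the helper names parseEncodingChars, encodeForHtml and renderUsernameField are assumptions, and the sample username is constructed.

```javascript
// Added illustration, not SiteMinder code: models what encoding a configured
// character list does to a value before it reaches an HTML sink.

// Character list copied from the ACO setting in this article.
const FCC_HTML_ENCODING_CHARS = "%22,%26,%27,%3c,%3e,%5c";

// Turn the comma-separated, percent-encoded list into a Set of literal characters.
function parseEncodingChars(list) {
  const chars = new Set();
  for (const item of list.split(",")) {
    const token = item.trim();
    if (!/^%[0-9a-fA-F]{2}$/.test(token)) {
      throw new Error("unexpected entry in character list: " + token);
    }
    chars.add(String.fromCharCode(parseInt(token.slice(1), 16)));
  }
  return chars;
}

// Replace each listed character with a numeric HTML entity (assumed output
// form; the article does not state the agent's actual entity format).
function encodeForHtml(value, chars) {
  let out = "";
  for (const ch of String(value)) {
    out += chars.has(ch) ? "&#" + ch.codePointAt(0) + ";" : ch;
  }
  return out;
}

// Hypothetical helper: builds the markup a page would hand to document.write().
function renderUsernameField(username, chars) {
  return '<input type="text" name="USERNAME" value="' +
    encodeForHtml(username, chars) + '">';
}

// Constructed input containing every character in the configured list.
const SAMPLE_USERNAME = 'jdoe"><i>O\'Neil & co\\</i>';

const listedChars = parseEncodingChars(FCC_HTML_ENCODING_CHARS);
// Empty set models no encoding: the value closes the attribute and adds markup.
const unencoded = renderUsernameField(SAMPLE_USERNAME, new Set());
// With the list applied, the same value stays inside the value attribute as text.
const encoded = renderUsernameField(SAMPLE_USERNAME, listedChars);

console.log("without encoding:", unencoded);
console.log("with encoding:   ", encoded);
```

The same comparison can be used as a regression check after the ACO change: request the form with a marker value containing the listed characters and confirm the response carries only their encoded forms.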

Additional Information

###### REFERENCES ######

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html