Identity Manager or Identity Portal Vulnerability regarding XSS and Clickjacking
search cancel

Identity Manager or Identity Portal Vulnerability regarding XSS and Clickjacking

book

Article ID: 276324

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

The concern is about the XSS and Clickjacking Vulnerability as the Content Security Policy header is not implemented in IM or IP.

Environment

IM, IP

Resolution

Identity Manager or Identity Portal implements the required headers "X-Frame-Options: SAMEORIGIN, X-Xss-Protection: 1; mode=block" and an internal framework filter that strongly defend from XSS or Clickjacking attacks.