CA Identity Manager Vulnerability regarding XSS and Clickjacking

Article ID: 276324

Updated On:

Products

CA Identity Manager

Issue/Introduction

The concern is about XSS and clickjacking vulnerabilities.

Environment

IDM 14.4

Resolution

We have sufficient defenses implemented to prevent those attacks through alternate approaches. At the same time, we aimed to conclude, as part of IGA v14.5.1 (tentative planned release date: May 2024), whether or not to add a CSP header for our applications (IM, IG, and IP).


We do have "X-Frame-Options: SAMEORIGIN" and "X-Xss-Protection: 1; mode=block", plus an internal framework filter, which together defend strongly against XSS and clickjacking attacks. If any vulnerability is identified in spite of these defense mechanisms, we will address it immediately and with high priority.
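
To confirm that a deployment actually returns the headers quoted above, the following check parses a response head and reports whether both are set as stated and whether a CSP header with a `frame-ancestors` directive is present. It is an added example, not part of the product or of this article; the sample response and all function names are constructed for illustration.

```python
from email.parser import Parser

# Constructed sample response head (not captured from a real Identity Manager server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Xss-Protection: 1; mode=block\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return a case-insensitive header mapping from a raw HTTP response head."""
    _, _, header_block = raw.partition("\r\n")  # drop the status line
    return Parser().parsestr(header_block, headersonly=True)

def csp_directives(value):
    """Split a CSP header value into {directive: [sources]}; first occurrence wins."""
    out = {}
    for part in (value or "").split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit(raw):
    """Check the two headers named in the article and look for a CSP header."""
    h = parse_headers(raw)
    xfo = (h.get("X-Frame-Options") or "").strip().upper()
    xxp = [t.strip().lower() for t in (h.get("X-XSS-Protection") or "").split(";")]
    csp = csp_directives(h.get("Content-Security-Policy"))
    return {
        "xfo_sameorigin": xfo == "SAMEORIGIN",
        "xss_block": xxp[0] == "1" and "mode=block" in xxp,
        "csp_present": bool(csp),
        # None when there is no CSP header or it has no frame-ancestors directive
        "csp_frame_ancestors": csp.get("frame-ancestors"),
    }

if __name__ == "__main__":
    for key, result in audit(SAMPLE_RESPONSE).items():
        print(f"{key}: {result}")
```

To run it against a live instance, pass in the response head saved from a request to the application's login page instead of `SAMPLE_RESPONSE`.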