Open Redirection Vulnerability in Symantec Identity Portal 14.4 - CVE-2023-23957

Article ID: 273584

Updated On:

Products

CA Identity Portal, CA Identity Suite

Issue/Introduction

A security advisory has been issued for an Open Redirection Vulnerability in Symantec Identity Portal 14.4 (CVE-2023-23957).

Advisory link: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/Open-Redirection-Vulnerability-in-Symantec-Identity-Portal-14-4/22544

CVE-2023-23957: https://nvd.nist.gov/vuln/detail/CVE-2023-23957

Severity: Medium

Impact: Open Redirection (DOM-based)

Description: An authenticated user can see and modify the value for the ‘next’ query parameter.
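
The advisory names the bug class (DOM-based open redirection through the ‘next’ query parameter) but not the affected code. The following is an added example, not Broadcom's fix and not code from the product: a client-side check that accepts only same-origin rooted paths for `next` before navigating. The function name, origin, fallback and sample URLs are assumptions constructed for illustration.

```javascript
// Added illustration; safeNextTarget, APP_ORIGIN and FALLBACK are hypothetical names.
const APP_ORIGIN = "https://portal.example.test"; // constructed origin
const FALLBACK = "/";

// Return a same-origin path taken from ?next=..., or FALLBACK when it is unsafe.
function safeNextTarget(pageUrl, appOrigin = APP_ORIGIN) {
  let raw;
  try {
    raw = new URL(pageUrl).searchParams.get("next"); // percent-decoded once
  } catch {
    return FALLBACK;
  }
  if (!raw) return FALLBACK;
  // Browsers strip tabs/newlines and treat "\" like "/", so "/\host" can
  // become "//host". Reject control characters and backslashes outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Accept only a rooted path; "//host" is protocol-relative and leaves the site.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let resolved;
  try {
    resolved = new URL(raw, appOrigin);
  } catch {
    return FALLBACK;
  }
  // Final check on the parsed result rather than on the raw string.
  if (resolved.origin !== new URL(appOrigin).origin) return FALLBACK;
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample URLs, each labelled with the case it exercises.
const SAMPLES = [
  ["same-origin path", APP_ORIGIN + "/login?next=%2Fdashboard%3Ftab%3D2"],
  ["absolute URL", APP_ORIGIN + "/login?next=https%3A%2F%2Fother.example%2F"],
  ["protocol-relative", APP_ORIGIN + "/login?next=%2F%2Fother.example"],
  ["backslash variant", APP_ORIGIN + "/login?next=%2F%5Cother.example"],
  ["script scheme", APP_ORIGIN + "/login?next=javascript%3Avoid(0)"],
  ["parameter absent", APP_ORIGIN + "/login"],
];

for (const [label, url] of SAMPLES) {
  console.log(label.padEnd(18), "->", safeNextTarget(url));
}
```

In a browser the caller would pass `window.location.href` and assign the returned path to `window.location`; a server-side check on the same parameter is still needed because client-side code can be bypassed.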

Environment

Identity Portal (14.4.x) only (Identity Manager and Identity Governance are not impacted)

Resolution

Remediation:

Customers can upgrade to IGA 14.5 (Release Notes: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-5/release-notes.html)

The following fixes are published to be applied on top of Identity Portal 14.4 CP2 (the fix also includes files needed to patch Identity Manager 14.4 CP2 as updating Identity Portal has a dependency on updating Identity Manager to match):

Patch for vApp:

https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111883&os=COS

Patch for non-vApp:

https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99111882&os=MULTI-PLATFORM