NotCVE - vendor:"Broadcom" product:"Symantec Identity Governance And Administration"

6 results (0.007 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-23949

https://notcve.org/view.php?id=CVE-2023-23949

24 Jan 2023 — An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Un usuario autenticado puede proporcionar código HTML y JavaScript malicioso que se ejecutará en el navegador del cliente. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-23951

https://notcve.org/view.php?id=CVE-2023-23951

24 Jan 2023 — Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application Capacidad de enumerar los atributos LDAP de Oracle para el usuario actual modificando la consulta utilizada por la aplicación. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-23950

https://notcve.org/view.php?id=CVE-2023-23950

24 Jan 2023 — User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. La entrada proporcionada por el usuario (normalmente una secuencia CRLF) se puede utilizar para dividir una respuesta devuelta en dos respuestas. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-25628

https://notcve.org/view.php?id=CVE-2022-25628

16 Dec 2022 — An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4 Un usuario autenticado puede realizar una inyección de entidad externa XML en Management Console en Symantec Identity Manager 14.4 • https://support.broadcom.com/external/content/SecurityAdvisories/0/21136 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-25627

https://notcve.org/view.php?id=CVE-2022-25627

16 Dec 2022 — An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 Un administrador autenticado que tenga acceso físico al entorno puede realizar una ejecución remota de comandos en Management Console en Symantec Identity Manager 14.4 • https://support.broadcom.com/external/content/SecurityAdvisories/0/21136 •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-25626

https://notcve.org/view.php?id=CVE-2022-25626

16 Dec 2022 — An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. Un usuario no autenticado puede acceder a las URL de páginas específicas de la consola de administración de Identity Manager. Sin embargo, el sistema no permite al usuario realizar tareas del lado del servidor sin una sesión web válida. • https://support.broadcom.com/external/content/SecurityAdvisories/0/21136 •