CA Identity Governance CVE-2017-9394 HTML Injection Vulnerability



CA Identity Governance is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
CA Identity Governance 12.6 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 101849
Class: Input Validation Error
CVE: CVE-2017-9394

Remote: Yes
Local: No
Published: Nov 15 2017 12:00AM
Updated: Nov 15 2017 12:00AM
Credit: Jake Miller of Blue Canopy.
Vulnerable: Ca Identity Governance 12.6


Not Vulnerable: Ca Identity Governance 12.6.5


Exploit


An attacker can exploit this issue using a web browser.


Related Posts

Comments