CA Identity Governance CVE-2017-9394 HTML Injection Vulnerability

CA Identity Governance is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
CA Identity Governance 12.6 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 101849
Class: Input Validation Error
CVE: CVE-2017-9394

Remote: Yes
Local: No
Published: Nov 15 2017 12:00AM
Updated: Nov 15 2017 12:00AM
Credit: Jake Miller of Blue Canopy.
Vulnerable: Ca Identity Governance 12.6

Not Vulnerable: Ca Identity Governance 12.6.5

Exploit

An attacker can exploit this issue using a web browser.

References:

CA Homepage (CA Technologies)
CA20171114-01: Security Notice for CA Identity Governance (CA)

Source: www.securityfocus.com

Exploit Collector

Search Exploit