CVE-2024-36459

Severity CVSS v4.0:

Pending analysis

Type:

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

Publication date:

14/06/2024

Last modified:

03/07/2024

Description

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

Impact

References to Advisories, Solutions, and Tools

https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537