CVE-2024-36459

EUVD-2024-36103
A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.
CRLF Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
broadcomsymantec_siteminder
𝑥
≤ r12.52_sp1_cr11
ADP
Common Weakness Enumeration
References
https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537
https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537