exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Identity Governance 12.6 Cross Site Scripting

CA Identity Governance 12.6 Cross Site Scripting
Posted Nov 15, 2017
Authored by Kevin Kotas, Jake Miller | Site www3.ca.com

CA Identity Governance version 12.6 suffers from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2017-9394
SHA-256 | aad777eb35b7f0095b61e0b61482090142d26c18db84ef8693c72377ea6cf30b

CA Identity Governance 12.6 Cross Site Scripting

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CA20171114-01: Security Notice for CA Identity Governance

Issued: November 14, 2017
Last Updated: November 14, 2017

CA Technologies support is alerting customers to a potential risk
with CA Identity Governance. A vulnerability exists that can
potentially allow a malicious actor to conduct cross-site scripting
attacks. CA published a solution to resolve the issue.

The vulnerability, CVE-2017-9394, occurs due to insufficient input
validation that can result in a stored cross-site scripting
vulnerability. The vulnerability can allow an authenticated remote
attacker to display HTML or execute script in the context of another
user.

Risk Rating

Medium

Platform(s)

All Server Environments where CA Identity Governance can be deployed.
Please refer to the Platform Support Matrix in the product
documentation at https//docops.ca.com

Affected Products

CA Identity Governance 12.6

Note: CA Identity Governance (formerly GovernanceMinder) releases
prior to 12.6 are no longer supported

Unaffected Products

CA Identity Governance 14.0, 14.1

How to determine if the installation is affected

Use the web interface to determine the version and check the version
against the affected products list.

Solution

CA Identity Governance 12.6.5:
Update to CA Identity Governance 12.6.5 CR1 CP3 - RS98844

CA Identity Governance releases previous to 12.6.5:
Open a support ticket to request a hotfix

References

CVE-2017-9394 - CA Identity Governance stored XSS

Acknowledgement

CVE-2017-9394 - Jake Miller of Blue Canopy - A Jacobs company

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response

Copyright (c) 2017 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop
Charset: utf-8

wsFVAwUBWgse1MMr2sgsME5lAQq+dQ/9FKU/gOIc5DNXauei+NfHuwA+BoiIA0yc
PMWr2WIPT7skEFy/T46sKHN1TMVGCG/rUPlPL+BA46oicb9Wvk+0J4VvTheT3E1m
fracPD4As/sNQiMmDYYGjC38Acf0/zqEtBBD5KAcbvV+RvRWn+mOaKjhxBbKOJ5O
Xr1bDCEkRRhtVIqZEXVzexX/14OEWX3E5elDXQ6tVHhwtE33sNzoIk+Z+oblXIO7
CwwAHtgGqCJ8q0biA8z6eXQ7rKQsxaZjAkZq3BCNG5QbFzo4jeO+VAKR+usnIbhW
qiFrfqromX07E8nEt60SJebYIx4VSpdkEHhCMmNSKMEwKzA1Ux0SXaXreG5qt3xt
da81cAJPgxZ+1TupiIUH2yO8dnYtdpWqoPFD4Iiv7Z7hhoP2BkCt0GPyH6l14IiM
nne+WYhyhGRz1ksS5Z2hxzXLH1XBX8pFOGnLQji/5z9V09gacB93kgDw5ye7+wxc
+gxiggyDdtCRRGQ+PSAvGz39GGcDNhu6tBzrOXoYUufuSSX2WjWIv0ZzXL9xKUxP
Ax3AVot/wNr9gRBYZOh0Xb+/7KW82Va1jl9UMwlkxKjoEsjrhZWIzEgYLdEtR0Xr
wcHORXxEzre1/5xQ1WyMidmFDw3gSyY5B1v0XEnW75KSmzvdSv/NDYEWTOgCfN0l
wOjhbaCuKsc=
=DQbf
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    38 Files
  • 24
    Sep 24th
    65 Files
  • 25
    Sep 25th
    24 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close