CA Technologies Support is alerting customers to a low risk issue with CA Identity Governance. In a certain product configuration, an attacker can gain sensitive information. CA published solutions to address the vulnerability. The vulnerability occurs due to how CA Identity Governance responds to login requests. An attacker may exploit the vulnerability to enumerate account names. Affected products include CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 and CA Identity Governance 12.6, 14.0, 14.1, and 14.2.
77fb382be97c445901464a21707cba72f39427d270744ebfe38f59cd2119ab24
CA Identity Governance version 12.6 suffers from a cross site scripting vulnerability.
aad777eb35b7f0095b61e0b61482090142d26c18db84ef8693c72377ea6cf30b