CA Technologies Support is alerting customers to a potential risk in CA SiteMinder, CA Federation Manager, CA SOA Security Manager, CA SiteMinder Secure Proxy Server, and CA SiteMinder SharePoint Agent. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim's browser.
bee32b648c27b81d977c473a860c1af6b9a6ed55ee8678a203114d875ae45257
CA Technologies Support is alerting customers to a potential risk in CA SiteMinder. A vulnerability exists that can allow a malicious user to execute a reflected cross site scripting (XSS) attack. CA Technologies has issued patches to address the vulnerability. The vulnerability occurs due to insufficient validation of postpreservationdata parameter input utilized in the login.fcc form. A malicious user can submit a specially crafted request to effectively hijack a victim’s browser.
5f7582e4c67739253ed079afcbce2912fb91b1a5d275896bcb931df277369cf8