CVE-2024-36459

HIGH

Symantec SiteMinder >=R12.52 SP1 CR11 <R12.52 SP1 CR11 and <R12.8 - Cross-Site Scripting via CRLF Injection

Title source: llm

Description

A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.

References (2)

Core 2

Core References

Various Sources

https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1

Various Sources

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24537

Scores

CVSS v4 8.4

EPSS 0.0042

EPSS Percentile 33.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-93

Status published

Products (2)

Broadcom/Symantec SiteMinder R 12.52 SP1 CR11 and below

Broadcom/Symantec SiteMinder R12.8

Published Jun 14, 2024

Tracked Since Feb 18, 2026