Headline
CVE-2023-23957: Support Content Notification - Support Portal - Broadcom support portal
An authenticated user can see and modify the value of the ‘next’ query parameter in Symantec Identity Portal 14.4.
Open Redirection Vulnerability in Symantec Identity Portal 14.4
Last Updated
14 September 2023
Initial Publication Date
14 September 2023
Affected CVE
CVE-2023-23957
Summary
This security advisory addresses a DOM-based open redirection caused by insufficient input validation of the next query parameter in Symantec Identity Portal 14.4.
Affected Product(s)
Identity Governance And Administration-Identity Portal
| CVE | Supported Version(s) | Remediation |
| --- | --- | --- |
| CVE-2023-23957 | 14.4 | Customer can upgrade to IGA 14.5 |
Issue Details
CVE-2023-23957
Severity / CVSS v3.0:
Medium / 6.1 [AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N]
References:
NVD: CVE-2023-23957
Impact:
Open Redirection (DOM-based)
Description:
An authenticated user can see and modify the value of the ‘next’ query parameter.
Mitigation
- Customers can upgrade to IGA 14.5 (Release Notes: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-5/release-notes.html)
- The fix will be available in the upcoming cumulative hotfixes for 14.4 as applicable
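A redirect-target check of the kind the root cause above calls for, shown as an added example (not Broadcom's fix and not Identity Portal code): it accepts a `next` value only when it resolves to a path on the application's own origin. The origin `https://portal.example.com`, the fallback path and the function names are assumptions.

```javascript
// Added example: resolve a post-login `next` value to a same-origin path,
// falling back to a default when the value could leave the application.
// APP_ORIGIN and DEFAULT_PATH are assumed values, not Identity Portal settings.
const APP_ORIGIN = "https://portal.example.com";
const DEFAULT_PATH = "/";

function safeNextPath(rawNext, appOrigin = APP_ORIGIN, fallback = DEFAULT_PATH) {
  if (typeof rawNext !== "string" || rawNext.length === 0) return fallback;

  // Reject control characters and backslashes: browsers strip tabs/newlines
  // from URLs and treat "\" as "/", so "/\host" would be read as "//host".
  if (/[\u0000-\u001f\u007f\\]/.test(rawNext)) return fallback;

  // Accept only site-relative paths: exactly one leading "/", never "//".
  if (!rawNext.startsWith("/") || rawNext.startsWith("//")) return fallback;

  let resolved;
  try {
    resolved = new URL(rawNext, appOrigin);
  } catch {
    return fallback;
  }
  // Final check on the parsed result, using the same URL parser the browser uses.
  if (resolved.origin !== new URL(appOrigin).origin) return fallback;

  // Return path + query + fragment only, never a scheme or host.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Read `next` from a query string (for example location.search) and validate it.
function nextFromQuery(queryString) {
  return safeNextPath(new URLSearchParams(queryString).get("next"));
}

// Constructed sample query strings, not taken from the advisory.
const samples = [
  "?next=/dashboard?tab=2",
  "?next=https://other.example/login",
  "?next=//other.example/login",
  "?next=/%5Cother.example",
  "?user=alice",
];
for (const q of samples) {
  console.log(q.padEnd(40), "->", nextFromQuery(q));
}
```

In a browser the validated value would be passed to `location.assign()` in place of the raw parameter; the same check belongs on the server if the redirect is issued there.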
Acknowledgements
- CVE-2023-23957 Kelsey Henton https://www.linkedin.com/in/kelsey-h-b3333221
Revisions
2023-September-14: Initial Public Release