CVE-2023-23957: Support Content Notification - Support Portal - Broadcom support portal

An authenticated user can see and modify the value for the ‘next’ query parameter in Symantec Identity Portal 14.4.

Open Redirection Vulnerability in Symantec Identity Portal 14.4

Last Updated

14 September 2023

Initial Publication Date

14 September 2023

Affected CVE

CVE-2023-23957

Summary

This security advisory addresses a DOM-based open redirection caused by insufficient input validation of the ‘next’ query parameter in Symantec Identity Portal 14.4.

Affected Product(s)

Identity Governance And Administration-Identity Portal

CVE | Supported Version(s) | Remediation
CVE-2023-23957 | 14.4 | Customers can upgrade to IGA 14.5

Issue Details

CVE-2023-23957

Severity / CVSS v3.0: Medium / 6.1 [AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N]

References: NVD: CVE-2023-23957

Impact: Open Redirection (DOM-based)

Description: An authenticated user can see and modify the value for the ‘next’ query parameter.
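
As an added illustration (not Broadcom's code and not taken from the advisory), the following shows one way a client-side handler can validate a ‘next’ value before navigating, which is the kind of input validation the summary describes as insufficient. The origin, fallback path and function names are assumptions made for the example.

```javascript
// Added example: same-origin validation for a post-login `next` parameter.
// APP_ORIGIN and FALLBACK are constructed placeholders, not Identity Portal values.
const APP_ORIGIN = "https://portal.example.test";
const FALLBACK = "/home";

function safeNextTarget(rawNext, appOrigin = APP_ORIGIN, fallback = FALLBACK) {
  if (typeof rawNext !== "string" || rawNext.length === 0) return fallback;

  // Reject control characters and backslashes: browsers strip tabs/newlines and
  // treat "\" like "/" in http(s) URLs, so a "/\host" value can resolve off-site.
  if (/[\u0000-\u001f\u007f\\]/.test(rawNext)) return fallback;

  // Accept only a path with a single leading slash. This rules out absolute
  // URLs, protocol-relative "//host" values and schemes such as "javascript:".
  if (!rawNext.startsWith("/") || rawNext.startsWith("//")) return fallback;

  let resolved;
  try {
    resolved = new URL(rawNext, appOrigin);
  } catch {
    return fallback;
  }

  // Defence in depth: the resolved URL must still be on the application origin.
  if (resolved.origin !== new URL(appOrigin).origin) return fallback;

  // Return a relative target so the caller never navigates to a full URL.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Reads `next` from a page URL the way a DOM handler would read location.href.
function nextFromLocation(href) {
  const url = new URL(href);
  return safeNextTarget(url.searchParams.get("next"), url.origin);
}
```

A caller would pass the result to its navigation routine instead of the raw parameter value, so any value that fails validation lands on the fallback page.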

Mitigation

  • Customers can upgrade to IGA 14.5 (Release Notes: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-5/release-notes.html)
  • The fix will be available in the upcoming cumulative hotfixes for 14.4 as applicable

Acknowledgements

  • CVE-2023-23957 Kelsey Henton https://www.linkedin.com/in/kelsey-h-b3333221

Revisions

2023-September-14: Initial Public Release
