Vulnerabilities > Broadcom > Symantec Identity Governance AND Administration > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2023-23949	Cross-site Scripting vulnerability in Broadcom products An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. network low complexity broadcom CWE-79	5.4
2023-01-26	CVE-2023-23950	Cross-site Scripting vulnerability in Broadcom products User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. network low complexity broadcom CWE-79	6.1
2023-01-26	CVE-2023-23951	Cross-site Scripting vulnerability in Broadcom products Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application network low complexity broadcom CWE-79	6.1
2022-12-16	CVE-2022-25626	Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 An unauthenticated user can access Identity Manager’s management console specific page URLs. network low complexity broadcom	5.3
2022-12-16	CVE-2022-25627	Unspecified vulnerability in Broadcom Symantec Identity Governance and Administration 14.3/14.4 An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4 local low complexity broadcom	6.7

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.