cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-23957,https://securityvulnerability.io/vulnerability/CVE-2023-23957,Open Redirection Vulnerability in Symantec Identity Portal 14.4,An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4,Symantec - A Division of Broadcom,Symantec Identity Governance And Administration,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-09-19T13:16:00.000Z,0
CVE-2022-25626,https://securityvulnerability.io/vulnerability/CVE-2022-25626,Access Control Issue in Broadcom Identity Manager Management Console,"An access control vulnerability in Broadcom Identity Manager allows unauthenticated users to view specific management console page URLs. While users can access these pages, they cannot perform server-side tasks without establishing a valid web session. This limitation highlights the importance of session validation to mitigate unauthorized access risks.",Broadcom,Symantec Identity Governance And Administration,5.3,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0
CVE-2022-25627,https://securityvulnerability.io/vulnerability/CVE-2022-25627,Remote Command Execution Vulnerability in Symantec Identity Manager by Broadcom,"An authenticated administrator with physical access to the environment can exploit a vulnerability in Symantec Identity Manager 14.4, allowing them to execute arbitrary commands remotely on the Management Console. This could potentially lead to unauthorized access and manipulation of sensitive data. Organizations using this version should take immediate precautions to secure their environments.",Broadcom,Symantec Identity Governance And Administration,6.7,MEDIUM,0.001509999972768128,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0
CVE-2022-25628,https://securityvulnerability.io/vulnerability/CVE-2022-25628,XML eXternal Entity Injection Vulnerability in Symantec Identity Manager,"In Symantec Identity Manager 14.4, an authenticated user can exploit an XML eXternal Entity (XXE) injection vulnerability through the Management Console. This flaw may allow the attacker to access sensitive data, perform denial-of-service attacks, or invoke other unintended behaviors within the system. It is essential for organizations to apply necessary patches and follow security best practices to mitigate this risk.",Broadcom,Symantec Identity Governance And Administration,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2022-12-16T00:00:00.000Z,0