XSS Vulnerability with ESP URL (CVE-2017-14799)

  • 7022358
  • 20-Nov-2017
  • 20-Nov-2017

Environment

Access Manager 4.3
Access Gateway Embedded Service Provider
CVE-2017-14799

Situation

Input xss can be appended into ESP login url parameters and reflected back into the response message where xss injection execution can be performed.

Resolution

Apply 4.3.3. The fix consists on sanitation/validation of input ESP login URL.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.