In October, CyberCX discovered three distinct vulnerabilities in Symantec Identity Manager 14.3 during a routine penetration test. This blog outlines how we found them and the complexities of exploiting them in our customer’s environment, which involved a Web Application Firewall (WAF) that it was not possible to disable during the test.
Zero days in common identity manager system (And the complexities of exploiting them via a WAF)