Environment
Access Manager 4.3
Access Gateway Embedded Service Provider
CVE-2017-14799
Situation
XSS input can be appended to the ESP login URL parameters and is reflected back in the response message, where the injected script can be executed.
Resolution
Apply 4.3.3. The fix consists of sanitization/validation of the input ESP login URL.