Vulmon
Broadcom SiteMinder vulnerabilities and exploits
383
VMScore
CVE-2013-5968
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 up to and including 12.51, and SiteMinder 6 Web Agents, allows remote malicious users to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
Ca Web Agents 6.0
Broadcom Siteminder 12.0
Broadcom Siteminder 12.5
Broadcom Siteminder 12.51
516
VMScore
CVE-2005-10001
A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been ...
Broadcom Symantec Siteminder 4.5.0
Broadcom Symantec Siteminder 4.5.1
383
VMScore
CVE-2011-1718
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
Ca Siteminder 6
Broadcom Siteminder 12.0
435
VMScore
CVE-2007-5923
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote malicious users to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
Broadcom Etrust Siteminder
1 EDB exploit
435
VMScore
CVE-2009-2705
CA SiteMinder allows remote malicious users to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
Sun J2ee
Broadcom Siteminder
1 EDB exploit
383
VMScore
CVE-2005-2204
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote malicious users to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to s...
Broadcom Etrust Siteminder 5.5
NA
CVE-2023-23956
A user can supply malicious HTML and JavaScript code that will be executed in the client browser.
Broadcom Symantec Siteminder Webagent 12.52
570
VMScore
CVE-2015-6853
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote malicious users to cause a denial of service (daemon crash) or obtain sensitiv...
Broadcom Single Sign-on R12.0j
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R12.52
Broadcom Single Sign-on R12.51
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R6.0
570
VMScore
CVE-2015-6854
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote malicious users to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R6.0
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R12.0j
1 Github repository