Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ca siteminder vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-1718
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
Ca Siteminder 6
Broadcom Siteminder 12.0
4.3
CVSSv2
CVE-2011-4054
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote malicious users to inject arbitrary web script or HTML via the postpreservationdata parameter.
Ca Siteminder
4.3
CVSSv2
CVE-2013-5968
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 up to and including 12.51, and SiteMinder 6 Web Agents, allows remote malicious users to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
Ca Web Agents 6.0
Broadcom Siteminder 12.0
Broadcom Siteminder 12.5
Broadcom Siteminder 12.51
7.5
CVSSv2
CVE-2013-2279
CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standalone) 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote malicious users to spoo...
Siteminder Federation R6.0
Siteminder Agent For Sharepoint 2010
Siteminder Federation 12.0 -
Siteminder Federation 12.0
Siteminder For Secure Proxy Server 6.0
Siteminder Federation 12.1 -
Siteminder For Secure Proxy Server 12.0
Siteminder For Secure Proxy Server 12.5
Siteminder Federation 12.5
4.3
CVSSv2
CVE-2007-5923
Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in CA (formerly Computer Associates) eTrust SiteMinder Agent allows remote malicious users to inject arbitrary web script or HTML via the SMAUTHREASON parameter, a different vector than CVE-2005-2204.
Broadcom Etrust Siteminder
1 EDB exploit
4.3
CVSSv2
CVE-2009-2705
CA SiteMinder allows remote malicious users to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
Sun J2ee
Broadcom Siteminder
1 EDB exploit
4.3
CVSSv2
CVE-2005-2204
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote malicious users to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to s...
Broadcom Etrust Siteminder 5.5
4.3
CVSSv2
CVE-2009-2704
CA SiteMinder allows remote malicious users to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
Sun J2ee
1 EDB exploit
6.4
CVSSv2
CVE-2015-6854
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote malicious users to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R6.0
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R12.0j
1 Github repository
6.4
CVSSv2
CVE-2015-6853
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote malicious users to cause a denial of service (daemon crash) or obtain sensitiv...
Broadcom Single Sign-on R12.0j
Broadcom Single Sign-on R12.0
Broadcom Single Sign-on R12.52
Broadcom Single Sign-on R12.51
Broadcom Single Sign-on R12.5
Broadcom Single Sign-on R6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started