Published: 24/03/2016 Updated: 09/04/2021

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote malicious users to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
broadcom single sign-on r12.0
broadcom single sign-on r6.0
broadcom single sign-on r12.5
broadcom single sign-on r12.0j

exploits, tools and miscellaneous

exploits exploits, tools and miscellaneous CVE-2015-6854 Exploit a remote unauthenticated memory disclosure in Siteminder SSO / CA SSO Incorrect decoding of URL results in improperly terminated and reflected string value CVE-2018-1212 Exploits two weak cryptographic session token mechanisms in iDRAC 6 web interfaces to obtain authentication credentials and then deploys a CVE-2

CWE-345 http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx http://www.securitytracker.com/id/1035389 https://nvd.nist.gov https://github.com/guest42069/exploits

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-6854

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect