CVE-2015-6853

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-6853
The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx Vendor Advisory
http://www.securitytracker.com/id/1035389
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:broadcom:single_sign-on:r12.0j:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:single_sign-on:r12.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:single_sign-on:r12.52:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:single_sign-on:r12.51:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:single_sign-on:r12.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:single_sign-on:r6.0:*:*:*:*:*:*:*
Information

Published : 2016-03-23 18:59

Updated : 2021-04-09 11:55

NVD link : CVE-2015-6853

Mitre link : CVE-2015-6853

JSON object : View

CWE
CWE-345

Insufficient Verification of Data Authenticity

Advertisement

dedicated server usa
Products Affected

broadcom

  • single_sign-on