CVE-2015-6854

9.1CRITICAL

Key Information:

Vendor: Broadcom
Status: Single Sign-on
Vendor: CVE Published:; 24 March 2016

Summary

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

References

http://www.securitytracker.com/id/1035389

vdb-entryx_refsource_SECTRACK

http://www.ca.com/us/support/ca-support-online/product-co...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 24, 2016
Vulnerability Reserved
Sep 10, 2015