Critical severity9.1NVD Advisory· Published Mar 24, 2016· Updated May 6, 2026

CVE-2015-6854

Description

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspxnvdVendor Advisory
www.securitytracker.com/id/1035389nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000