VYPR

Siteminder

by Ca

CVEs (11)

  • CVE-2009-2705Aug 11, 2009
    risk 0.03cvss epss 0.04

    CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.

  • CVE-2009-2704Aug 11, 2009
    risk 0.03cvss epss 0.04

    CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).

  • CVE-2005-10001Mar 28, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been…

  • CVE-2013-5968Oct 29, 2013
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.

  • CVE-2011-4054Dec 8, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.

  • CVE-2011-1718Apr 27, 2011
    risk 0.00cvss epss 0.02

    The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

  • CVE-2005-2204Jul 11, 2005
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3)…

  • CVE-2003-1312Dec 31, 2003
    risk 0.00cvss epss 0.01

    siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.

  • CVE-2003-1311Dec 31, 2003
    risk 0.00cvss epss 0.01

    siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.

  • CVE-2001-1455Aug 24, 2001
    risk 0.00cvss epss 0.02

    Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.

  • CVE-2000-0850Nov 14, 2000
    risk 0.00cvss epss 0.02

    Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.