CVE-2015-6854
critical
CVSS v3
9.1
CVSS v4 NEW
โ
VIR risk
9.1
Description
The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
Predictions
Exploit likelihood
94%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| broadcom | single_sign-on | r6.0 | |
| broadcom | single_sign-on | r12.0 | |
| broadcom | single_sign-on | r12.0j | |
| broadcom | single_sign-on | r12.5 | |
References
- http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx
- http://www.securitytracker.com/id/1035389
- http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx
- http://www.securitytracker.com/id/1035389
CWEs
CWE-345
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.