The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Single_sign-on | Broadcom | r6.0 | r6.0 |
| Single_sign-on | Broadcom | r12.5 | r12.5 |
| Single_sign-on | Broadcom | r12.0j | r12.0j |
| Single_sign-on | Broadcom | r12.52 | r12.52 |
| Single_sign-on | Broadcom | r12.51 | r12.51 |
| Single_sign-on | Broadcom | r12.0 | r12.0 |