CVE Vulnerabilities

CVE-2015-6853

Insufficient Verification of Data Authenticity

Published: Mar 24, 2016 | Modified: Apr 09, 2021
CVSS 3.x
9.1
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Single_sign-on Broadcom r6.0 r6.0
Single_sign-on Broadcom r12.5 r12.5
Single_sign-on Broadcom r12.0j r12.0j
Single_sign-on Broadcom r12.52 r12.52
Single_sign-on Broadcom r12.51 r12.51
Single_sign-on Broadcom r12.0 r12.0

References