Skip to main content

Single Sign On CVE-2015-6853

CRITICAL
Insufficient Verification of Data Authenticity (CWE-345)
2016-03-24 cve@mitre.org
9.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 24, 2016 - 01:59 cve.org
CRITICAL 9.1

DescriptionCVE.org

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

AnalysisAI

The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-345. The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. Affected products include: Broadcom Single Sign-On.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2015-2281 HIGH POC
7.5 Mar 19

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attac

CVE-2023-6563 HIGH POC
7.7 Dec 14

An unconstrained memory consumption vulnerability was discovered in Keycloak. Rated high severity (CVSS 7.7), this vulne

CVE-2022-0853 HIGH POC
7.5 Mar 11

A flaw was found in JBoss-client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authent

CVE-2022-1466 MEDIUM POC
6.5 Apr 26

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be

CVE-2020-25689 MEDIUM POC
6.5 Nov 02

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in

CVE-2024-8883 MEDIUM POC
6.1 Sep 19

A misconfiguration flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploita

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2019-10212 CRITICAL
9.8 Oct 02

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. Rated critical severi

CVE-2019-14379 CRITICAL
9.8 Jul 29

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (becau

CVE-2025-12543 CRITICAL
9.6 Jan 07

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal net

Share

CVE-2015-6853 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy