Skip to main content

Single Sign On CVE-2015-6854

CRITICAL
Insufficient Verification of Data Authenticity (CWE-345)
2016-03-24 cve@mitre.org
9.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 24, 2016 - 01:59 cve.org
CRITICAL 9.1

DescriptionCVE.org

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

AnalysisAI

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-345. The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request. Affected products include: Broadcom Single Sign-On.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2015-2281 HIGH POC
7.5 Mar 19

Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attac

CVE-2023-6563 HIGH POC
7.7 Dec 14

An unconstrained memory consumption vulnerability was discovered in Keycloak. Rated high severity (CVSS 7.7), this vulne

CVE-2022-0853 HIGH POC
7.5 Mar 11

A flaw was found in JBoss-client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authent

CVE-2022-1466 MEDIUM POC
6.5 Apr 26

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be

CVE-2020-25689 MEDIUM POC
6.5 Nov 02

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in

CVE-2024-8883 MEDIUM POC
6.1 Sep 19

A misconfiguration flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploita

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2019-10212 CRITICAL
9.8 Oct 02

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. Rated critical severi

CVE-2019-14379 CRITICAL
9.8 Jul 29

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (becau

CVE-2025-12543 CRITICAL
9.6 Jan 07

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal net

Share

CVE-2015-6854 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy