Lucene search

[email protected]CVE-2015-6854

HistoryMar 24, 2016 - 1:59 a.m.

CVE-2015-6854

2016-03-2401:59:02

CWE-345

[email protected]

web.nvd.nist.gov

cve-2015-6854

ca single sign-on

sso

siteminder

r12.0

r12.0j

r12.5

denial of service

information disclosure

remote attackers

daemon crash

sensitive information

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

Affected configurations

NVD

Node

broadcomsingle_sign-onMatchr6.0

broadcomsingle_sign-onMatchr12.0

broadcomsingle_sign-onMatchr12.0j

broadcomsingle_sign-onMatchr12.5

CPENameOperatorVersion
broadcom:single_sign-onbroadcom single sign-oneqr6.0
broadcom:single_sign-onbroadcom single sign-oneqr12.0
broadcom:single_sign-onbroadcom single sign-oneqr12.0j
broadcom:single_sign-onbroadcom single sign-oneqr12.5

CPE	Name	Operator	Version
broadcom:single_sign-on	broadcom single sign-on	eq	r6.0
broadcom:single_sign-on	broadcom single sign-on	eq	r12.0
broadcom:single_sign-on	broadcom single sign-on	eq	r12.0j
broadcom:single_sign-on	broadcom single sign-on	eq	r12.5

References

www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx

www.securitytracker.com/id/1035389

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for CVE-2015-6854

prion1 cvelist1 nvd1