3 matches found
CVE-2009-2705
CVE-2009-2705 affects CA SiteMinder. The vulnerability allows remote attackers to bypass J2EE application XSS protections by submitting a request that uses non-canonical, overlong Unicode in place of blacklisted characters, enabling cross-site scripting bypasses. Documented impact is limited to b...
CVE-2013-5968
CVE-2013-5968 is a cross-site scripting (XSS) vulnerability affecting CA SiteMinder 12.0–12.51 and SiteMinder 6 Web Agents. The issue allows remote attackers to inject arbitrary script or HTML via vectors involving the double-quote character. The NVD entry lists a Medium severity (CVSSv2 base sco...
CVE-2011-1718
CVE-2011-1718 affects the Web Agents component of CA SiteMinder (R6 before SP6 CR2 and R12 before SP3 CR2). The issue stems from improper handling of multi-line headers, enabling remote authenticated users to impersonate others and gain privileges via crafted data. Affected products are CA SiteMi...