CVE-2015-6854 - Vulnerability Details - OpenCVE

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Single Sign-on

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:single_sign-on:r6.0:::::::*
	cpe:2.3:a:broadcom:single_sign-on:r12.0:::::::*
	cpe:2.3:a:broadcom:single_sign-on:r12.0j:::::::*
	cpe:2.3:a:broadcom:single_sign-on:r12.5:::::::*

No data.

References

Link	Providers
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx
http://www.securitytracker.com/id/1035389

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-03-24T01:00:00

Updated: 2024-08-06T07:36:34.236Z

Reserved: 2015-09-10T00:00:00

Link: CVE-2015-6854

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-03-24T01:59:02.293

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-6854

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1035389", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035389"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6854", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035389", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035389"}, {"name": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx", "refsource": "CONFIRM", "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:36:34.236Z"}, "title": "CVE Program Container", "references": [{"name": "1035389", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035389"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6854", "datePublished": "2016-03-24T01:00:00", "dateReserved": "2015-09-10T00:00:00", "dateUpdated": "2024-08-06T07:36:34.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:single_sign-on:r6.0:*:*:*:*:*:*:*", "matchCriteriaId": "582FBE95-BEBF-493F-AD4E-F037D6BED676", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:single_sign-on:r12.0:*:*:*:*:*:*:*", "matchCriteriaId": "8547CFA2-7EE5-4ACD-B674-E5A79BAA7386", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:single_sign-on:r12.0j:*:*:*:*:*:*:*", "matchCriteriaId": "4B4AADB6-1383-46FD-B280-A38DB34CDD9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:single_sign-on:r12.5:*:*:*:*:*:*:*", "matchCriteriaId": "64912372-5719-4BCE-8FB6-866314E5488D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request."}, {"lang": "es", "value": "Los agentes web non-Domino en CA Single Sign-On (tambi\u00e9n conocido como SSO, anteriormente SiteMinder) R6, R12.0 en versiones anteriores a SP3 CR13, R12.0J en versiones anteriores a SP3 CR1.2 y R12.5 en versiones anteriores a CR5 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de demonio) u obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n manipulada."}], "id": "CVE-2015-6854", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-24T01:59:02.293", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035389"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20160323-01-security-notice-for-ca-single-sign-on-web-agents.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035389"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}