BACK TO LIST

CA Single Sign-On Unspecified High-Risk Vulnerabilities Advisory

Mike Brooks
on Mar 23, 2016 8:06:01 AM

Patch Date

March 23, 2016

Vendor

CA Technologies

Systems Affected

Version 6 - 12.52 SP2

Summary

Two high-risk vulnerabilities were discovered in the CA Technologies Single Sign-On (formerly CA SiteMinder®) application. These vulnerabilities allowed a remote attacker to cause a denial-of-service (DoS) attack or possibly gain sensitive information. We worked closely with CA Technologies in the disclosure and remediation process. Their team of engineers developed fixes that address the problems. If you’re a client of CA Technologies that relies on Single Sign-On, please visit their site for patching information.

Vendor Status

CA has been notified and have fixed the application. CVEs have been assigned to the respective vulnerabilities: CVE-2015-6853 and CVE-2015-6854.

Researcher

Mike Brooks of Bishop Fox

Index

Keywords

Related Content

Advisories Wallabag 2.2.3 to 2.3.2 - Stored Cross-Site Scripting
Advisories Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 - Sensitive Information Disclosure
Advisories Adobe ColdFusion Reflected Cross-Site Scripting Flaw

MANAGED SERVICES

CONSULTING SERVICES

PARTNER PROGRAMS

LABS | RESEARCH & RESOURCES

CAREERS

COMPANY

COMMUNITY

CONTACT

ADDRESS

8240 S. Kyrene Rd.
Suite A113
Tempe, AZ
85284
United States

Copyright © 2021   Bishop Fox Privacy Statement