The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Computer Associates SiteMinder

vulnerability bulletin CVE-2015-6853 CVE-2015-6854

CA Single Sign-On: two vulnerabilities of Web Agent

Synthesis of the vulnerability

An attacker can use several vulnerabilities of CA Single Sign-On.
Impacted products: CA SSO, SiteMinder.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 24/03/2016.
Identifiers: CA20160323-01, CVE-2015-6853, CVE-2015-6854, VIGILANCE-VUL-19233.

Description of the vulnerability

Several vulnerabilities were announced in CA SSO Web Agent.

An attacker can bypass security features of Domino Web Agent, in order to obtain sensitive information. [severity:2/4; CVE-2015-6853]

An attacker can bypass security features of the non-Domino Web Agent, in order to obtain sensitive information. [severity:2/4; CVE-2015-6854]

computer vulnerability bulletin CVE-2013-5968

CA SiteMinder: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in CA SiteMinder, in order to execute JavaScript code in the context of the web site.
Impacted products: SiteMinder.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/10/2013.
Identifiers: BID-63333, CA20131024-01, CVE-2013-5968, VIGILANCE-VUL-13648.

Description of the vulnerability

The CA SiteMinder product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents. An attacker can use a quote character to inject HTML content.

An attacker can therefore trigger a Cross Site Scripting in CA SiteMinder, in order to execute JavaScript code in the context of the web site.

vulnerability note CVE-2013-2279

CA SiteMinder: SAML signatures not checked

Synthesis of the vulnerability

An attacker can spoof SAML messages, and send them to CA SiteMinder, in order to access user data.
Impacted products: SiteMinder.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 20/03/2013.
Identifiers: BID-58609, CA20130319-01, CERTA-2013-AVI-196, CVE-2013-2279, VIGILANCE-VUL-12544.

Description of the vulnerability

The SAML (Security Assertion Markup Language) standard uses XML to transfer authentication messages.

These XML exchanges use XML Signature, in order to sign data. However, CA SiteMinder does not correctly check this signature.

An attacker can therefore spoof SAML messages, and send them to CA SiteMinder, in order to access user data.

vulnerability announce CVE-2011-4054

CA SiteMinder: Cross Site Scripting via login.fcc

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in the login.fcc page of CA SiteMinder, in order to execute JavaScript code in the context of the web site.
Impacted products: SiteMinder.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/12/2011.
Identifiers: BID-50962, CA20111208-01, CERTA-2011-AVI-679, CVE-2011-4054, VIGILANCE-VUL-11202, VU#713012.

Description of the vulnerability

The login.fcc page handles user authentication on CA SiteMinder.

However, this page does not filter the posted "postpreservationdata" parameter. An attacker can thus inject JavaScript code in this parameter.

An attacker can therefore generate a Cross Site Scripting in the login.fcc page of CA SiteMinder, in order to execute JavaScript code in the context of the web site.

computer vulnerability CVE-2011-3849

CA Directory: denial of service via SNMP

Synthesis of the vulnerability

An attacker can send a malicious SNMP packet to CA Directory, in order to stop it, or to create a denial of service on products depending on it.
Impacted products: SiteMinder, CA Workload Automation.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 17/11/2011.
Identifiers: BID-50699, CA20111116-01, CERTA-2011-AVI-660, CVE-2011-3849, VIGILANCE-VUL-11165.

Description of the vulnerability

The CA Directory product is provided with:
 - CA SiteMinder
 - CA Embedded Entitlements Manager
 - etc.
The CA Embedded Entitlements Manager product is provided with:
 - CA Workload Automation
 - etc.

An attacker can send a malicious SNMP packet to CA Directory, in order to stop it, or to create a denial of service on products depending on it.

computer vulnerability announce CVE-2011-1718

CA SiteMinder Web Agent: user access

Synthesis of the vulnerability

An attacker can use a malformed query, in order to access CA SiteMinder Web Agent with the privileges of another user.
Impacted products: SiteMinder.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 21/04/2011.
Revision date: 23/05/2011.
Identifiers: BID-47521, CA20110420-01, CA20110420-02, CERTA-2011-AVI-247, CVE-2011-1718, VIGILANCE-VUL-10587.

Description of the vulnerability

The CA SiteMinder Web Agent product can be installed with a web server, in order to process its authentication.

An HTTP query can have its headers on several lines. For example:
  User-Agent: begin
     end
  Other-header: value

However, CA SiteMinder Web Agent with IIS 6.0 does not correctly process these headers. It interprets them as queries from another user.

An attacker can therefore use a malformed query, in order to access CA SiteMinder Web Agent with the privileges of another user.

computer vulnerability note CVE-2009-3731

CA SiteMinder: Cross Site Scripting via WebWorks Help

Synthesis of the vulnerability

An attacker can use the WebWorks Help in order to generate a Cross Site Scripting in CA SiteMinder.
Impacted products: SiteMinder.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 05/03/2010.
Identifiers: CA20100304-01, CERTA-2009-AVI-548, CERTA-2010-AVI-107, CVE-2009-3731, VIGILANCE-VUL-9499.

Description of the vulnerability

The WebWorks Help (wwhelp) format is used to create online help pages. It is used by the CA SiteMinder product.

However, a Cross Site Scripting was announced in WebWorks Help. It also impacts CA SiteMinder.

An attacker can therefore invite the victim to access a malicious URL, in order to execute JavaScript code in the context of the CA SiteMinder product.

computer vulnerability CVE-2009-2704 CVE-2009-2705

CA SiteMinder: bypassing

Synthesis of the vulnerability

An attacker can bypass the Cross Site Scripting protection of CA SiteMinder.
Impacted products: SiteMinder.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/08/2009.
Identifiers: BID-36086, BID-36088, CVE-2009-2704, CVE-2009-2705, VIGILANCE-VUL-8945.

Description of the vulnerability

The CA SiteMinder product contains a protection against Cross Site Scripting. This protection can be bypassed in two ways.

An attacker can use a null character in order to truncate the analysis. [severity:2/4; BID-36086, CVE-2009-2704]

An attacker can use a non-standard Unicode character (too long) to inject filtered characters (such as "<"). [severity:2/4; BID-36088, CVE-2009-2705]

An attacker can therefore use a Cross Site Scripting against a web site protected by CA SiteMinder.

computer vulnerability bulletin 7858

Apache, ASP.NET, SiteMinder, Tomcat: bypassing VBAAC

Synthesis of the vulnerability

The syntax of configuration files of some web servers can mislead the administrator.
Impacted products: Apache httpd, Tomcat, SiteMinder, IIS.
Severity: 1/4.
Consequences: no consequence.
Provenance: internet client.
Creation date: 28/05/2008.
Revision date: 03/06/2008.
Identifiers: VIGILANCE-VUL-7858.

Description of the vulnerability

The HTTP protocol defines several methods: GET, POST, HEAD, PUT, etc. Access to some resources can be limited for some methods (VBAAC - Verb Based Authentication and Access Control).

However, the configuration syntax of certain web servers is unclear. For example, in Tomcat, only the listed methods (for example GET and POST) are restricted, whereas all other methods are allowed (an attacker can thus use HEAD). ASP.NET is impacted by the same problem.

An administrator can therefore unintentionally misconfigure their server.

vulnerability note CVE-2007-5923

CA SiteMinder Agent: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting attack in CA SiteMinder Agent.
Impacted products: SiteMinder.
Severity: 1/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 08/11/2007.
Revision date: 09/11/2007.
Identifiers: BID-26375, CVE-2007-5923, VIGILANCE-VUL-7324.

Description of the vulnerability

The siteminderagent/forms/smpwservices.fcc page of CA SiteMinder Agent displays an authentication form.

The SMAUTHREASON parameter contains an integer indicating the authentication type:
 - 0 : login
 - 18 : password change
 - 29 : PIN selection
 - etc.

This integer is inserted in the JavaScript code of the page. For example:
  if (integerused == 0) ...
However, the content of SMAUTHREASON is not sanitized. An attacker can use text data in order to inject JavaScript code:
  if (attacker_code == 0) ...

An attacker can therefore create a Cross Site Scripting attack.