Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1311 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 6.8 MEDIUM | N/A |
|
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
|
|||||
| CVE-2000-0850 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 7.5 HIGH | N/A |
|
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
|
|||||
| CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 4.3 MEDIUM | N/A |
|
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
|
|||||
| CVE-2001-1455 | 1 Netegrity | 1 Siteminder | 2025-04-03 | 7.5 HIGH | N/A |
|
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
|
|||||