Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1311 | 1 Netegrity | 1 Siteminder | 2024-02-04 | 6.8 MEDIUM | N/A |
| siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter. | |||||
| CVE-2001-1455 | 1 Netegrity | 1 Siteminder | 2024-02-04 | 7.5 HIGH | N/A |
| Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. | |||||
| CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2024-02-04 | 4.3 MEDIUM | N/A |
| siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. | |||||
| CVE-2000-0850 | 1 Netegrity | 1 Siteminder | 2024-02-04 | 7.5 HIGH | N/A |
| Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. | |||||