Netegrity: >> Siteminder Security Vulnerabilities
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
CVSS Score
6.8
EPSS Score
0.005
Published
2003-12-31
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
CVSS Score
4.3
EPSS Score
0.003
Published
2003-12-31
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
CVSS Score
7.5
EPSS Score
0.008
Published
2001-08-24
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
CVSS Score
7.5
EPSS Score
0.005
Published
2000-11-14