CA Single Sign-On Unspecified High-Risk Vulnerabilities Advisory
March 23, 2016
Version 6 - 12.52 SP2
Two high-risk vulnerabilities were discovered in the CA Technologies Single Sign-On (formerly CA SiteMinder®) application. These vulnerabilities allowed a remote attacker to cause a denial-of-service (DoS) attack or possibly gain sensitive information. We worked closely with CA Technologies in the disclosure and remediation process. Their team of engineers developed fixes that address the problems. If you’re a client of CA Technologies that relies on Single Sign-On, please visit their site for patching information.
CA has been notified and have fixed the application. CVEs have been assigned to the respective vulnerabilities: CVE-2015-6853 and CVE-2015-6854.
Mike Brooks of Bishop Fox
Subscribe to Bishop Fox's Security Blog
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.