Vulnerabilities > Netegrity

DATE CVE VULNERABILITY TITLE RISK
2004-08-18 CVE-2004-0425 Heap Overflow vulnerability in Netegrity Sideminder Affiliate Agent 4.0
Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.
network
low complexity
netegrity
critical
10.0
2004-08-06 CVE-2004-0672 Cross-Site Scripting vulnerability in Netegrity IdentityMinder
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
network
netegrity
6.8
2003-12-31 CVE-2003-1312 Remote Security vulnerability in Netegrity SiteMinder
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
network
netegrity
4.3
2003-12-31 CVE-2003-1311 Remote Security vulnerability in Netegrity SiteMinder
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
network
netegrity
6.8
2001-08-24 CVE-2001-1455 Unspecified vulnerability in Netegrity Siteminder
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
network
low complexity
netegrity
7.5
2000-11-14 CVE-2000-0850 Unspecified vulnerability in Netegrity Siteminder 3.6/4.0
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
network
low complexity
netegrity
7.5