Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
Max CVSS
6.8
EPSS Score
0.70%
Published
2004-08-06
Updated
2017-07-11
Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.
Max CVSS
10.0
EPSS Score
2.53%
Published
2004-08-18
Updated
2017-07-11
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
Max CVSS
7.5
EPSS Score
0.74%
Published
2001-08-24
Updated
2017-07-11
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
Max CVSS
7.5
EPSS Score
0.61%
Published
2000-11-14
Updated
2017-10-10
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!