CVE-2011-1718

CWE-20 — Improper Input Validation3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.8%

top 25.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Siteminder CA Siteminder

Timeline

PublishedApr 27

Latest updateMay 13

Description

The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDca/siteminder6

▶NVDbroadcom/siteminder12.0

🔴Vulnerability Details

GHSA

GHSA-93qm-89mw-wr9h: The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote au↗2022-05-13

▶

CVEList

CVE-2011-1718: The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote au↗2011-04-27

▶