MidnightBSD

Advisories for netegrity

CVE-2000-0850 HIGH

Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netegrity siteminder 4.0
netegrity siteminder 3.6
CVE-2001-1455 HIGH

Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netegrity siteminder 4.0
netegrity siteminder 3.6
netegrity siteminder 4.5
netegrity siteminder 4.5.1
CVE-2004-0425 HIGH

Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netegrity sideminder_affiliate_agent 4.0
CVE-2004-0672 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netegrity identityminder web_5.6_sp1
netegrity policy_server 5.5
netegrity identityminder web_5.6_sp2
netegrity identityminder web_5.6