CVE-2015-6854

Name: CVE-2015-6854
Creator: NVD / NIST
Published: 2016-03-24T01:59:02.293+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.50%

Last modified Jun 17, 2026

CVE-2015-6854 is a vulnerability of currently unknown severity. The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.. EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of service (daemon crash) or obtain sensitive information via a crafted request.

Metrics

EPSS Probability

1.50%

70.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-345

Affected Software

Vendor	Product	Versions
Broadcom	Single Sign-On	r6.0
Broadcom	Single Sign-On	r12.0
Broadcom	Single Sign-On	r12.0j
Broadcom	Single Sign-On	r12.5

References

Timeline

Published: Mar 24, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-6854?

How severe is CVE-2015-6854?

Severity scoring for CVE-2015-6854 is pending analysis. The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.

How do I fix CVE-2015-6854?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-6854?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST