A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is some unknown functionality of the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to open redirect. Using CWE to declare the problem leads to CWE-601. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The weakness was disclosed 01/17/2005 by Marc Ruef with scip AG as VDB-1022 as Advisory (Website). The advisory is available at vuldb.com. The public availability has been coordinated in cooperation with the vendor. This vulnerability is handled as CVE-2005-10001. The attack may be launched remotely. Technical details are available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1204.001 by the MITRE ATT&CK project. It is declared as proof-of-concept. As 0-day the estimated underground price was around $5k-$25k. The bugfix is ready for download at rsasecurity.com. It is recommended to apply restrictive firewalling. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: Secunia (SA13896) and SecurityTracker (ID 1012927).

81 more entries are not shown