SNMP pentest vulnerability detected in Policy Server
Article ID: 275077
Products
SITEMINDER
Issue/Introduction
When the Policy Server runs with its SNMP stack enabled, a penetration test against the host reports the following findings:
The "SNMP 'GETBULK' Reflection DDoS";
Default SNMP Community Strings;
SNMP Agent Default Community Name;
Cause
Title: SNMP 'GETBULK' Reflection DDoS
The first recommendation is to disable the SNMP service if the Policy Server does not use it (1). According to the same reference, the vulnerability lies in the SNMP agent software, which is supplied by the Operating System (OS) rather than by SiteMinder (2): only net-snmp version 5.4.2.1 and below is affected. This problem is outside the Policy Server code.
Title: Default SNMP Community Strings
As per the Nessus documentation, this finding concerns the SNMP service configuration, and as such is out of SiteMinder scope (3).
Title: SNMP Agent Default Community Name
This finding is also out of SiteMinder scope; it concerns only the SNMP service and its OS (4).
Resolution
These vulnerabilities are outside the Policy Server code.
Work with your vendor's support and/or your OS administrator to mitigate them.
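All three findings are properties of the host's net-snmp agent rather than of SiteMinder, so the check belongs on the OS side. As an added example (not code from this article, from Broadcom or from the net-snmp project), the Python script below gives an OS administrator an offline check for two of them: it parses the community-based access lines of an snmpd.conf (rocommunity, rwcommunity, com2sec) and flags default community names and lines that accept a community from any address, and it compares a net-snmp version string against the 5.4.2.1 threshold quoted above. The two sample configurations, the community name s3cret-constructed and the view name systemonly are constructed for this example; the directive syntax itself is standard net-snmp.

```python
"""Audit helper for the net-snmp findings named in the article:
default community strings in snmpd.conf, and a net-snmp build old
enough (5.4.2.1 and below) to be affected by the GETBULK reflection
finding. Added example; not SiteMinder or net-snmp code."""
import re

# Community names that vendors ship by default and scanners test for.
DEFAULT_COMMUNITIES = {"public", "private"}
# Last affected net-snmp version, as quoted in the article.
LAST_AFFECTED_VERSION = (5, 4, 2, 1)

# rocommunity/rwcommunity COMMUNITY [SOURCE [OID | -V VIEW]]
COMMUNITY_DIRECTIVE = re.compile(
    r"^(rocommunity6?|rwcommunity6?)\s+(\S+)(?:\s+(\S+))?", re.I)
# com2sec NAME SOURCE COMMUNITY
COM2SEC = re.compile(r"^com2sec\s+\S+\s+(\S+)\s+(\S+)", re.I)


def parse_version(text):
    """Pull the dotted version out of 'snmpd --version' style output.
    Returns a tuple of ints, or None when no version is present."""
    m = re.search(r"\b(\d+(?:\.\d+)+)\b", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def netsnmp_affected(version_text):
    """True if the reported net-snmp version is 5.4.2.1 or below,
    False if newer, None if no version could be parsed."""
    v = parse_version(version_text)
    if v is None:
        return None
    v = (v + (0,) * (4 - len(v)))[:4]   # pad so 5.4.2 compares as 5.4.2.0
    return v <= LAST_AFFECTED_VERSION


def audit_snmpd_conf(conf_text):
    """Return (line_no, kind, detail) findings for community-based access
    lines. 'default_community' flags a name on the default list;
    'any_source' flags a line that accepts the community from every
    address (source omitted or literally 'default')."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = COMMUNITY_DIRECTIVE.match(line)
        if m:
            directive, community, source = m.group(1), m.group(2), m.group(3)
            if source and source.startswith("-"):
                source = None   # '-V view' given with no source at all
        else:
            m = COM2SEC.match(line)
            if not m:
                continue        # view/access/rouser lines are not community-based
            directive, source, community = "com2sec", m.group(1), m.group(2)
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((line_no, "default_community",
                             f"{directive} uses default community '{community}'"))
        if source is None or source.lower() == "default":
            findings.append((line_no, "any_source",
                             f"{directive} accepts '{community}' from any address"))
    return findings


# Constructed sample: what an untouched package install often looks like.
WEAK_CONF = """# constructed sample snmpd.conf (weak)
rocommunity public
rwcommunity private 10.0.0.5
com2sec readonly default public
"""

# Constructed sample: non-default name, restricted source, restricted view.
HARDENED_CONF = """# constructed sample snmpd.conf (hardened)
rocommunity s3cret-constructed 10.0.0.0/24 -V systemonly
view systemonly included .1.3.6.1.2.1.1
"""

if __name__ == "__main__":
    for line_no, kind, detail in audit_snmpd_conf(WEAK_CONF):
        print(f"line {line_no}: {kind}: {detail}")
    print("hardened sample findings:", audit_snmpd_conf(HARDENED_CONF))
    print("5.4.2.1 affected:", netsnmp_affected("NET-SNMP version: 5.4.2.1"))
```

Running the script directly prints the findings for the weak sample; in practice pass audit_snmpd_conf() the contents of the real snmpd.conf and netsnmp_affected() the output of snmpd --version. A clean configuration audit does not clear the reflection finding, which depends on the agent's version, so the version check and the vendor's patch level remain the deciding factor for that one.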