Vulnerability CVE-2006-6641


Published: 2006-12-19   Modified: 2012-02-12

Description:
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter. The Portal does not properly handle the case where multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Type: CWE-Other

Vendor: Etrust
Product: Security command center
Version: r8; r1
Vendor: Cleverpath
Product: Portal
Version: r4.71; r4.7; r4.51
Product: Aion bpm
Version: r10.2; r10.1; r10
Vendor: Unicenter
Product: Management portal
Version: r3.1; r2.0; r11.0
Product: Workload control center
Version: r1_sp4
Product: Enterprise job manager
Version: r1_sp3
Product: Database command center
Version: r11.1
Product: Database management portal
Version: r11
Product: Asset and portfolio management
Version: r11
Vendor: CA
Product: Cleverpath portal
Version: 4.71
Vendor: Arcserve
Product: Brightstor
Version: 11.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://securitytracker.com/id?1017429
http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp
http://www.securityfocus.com/archive/1/455041/100/0/threaded
http://www.securityfocus.com/bid/21681
http://www.vupen.com/english/advisories/2006/5091
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876

Related CVE
CVE-2018-18660
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
CVE-2018-18659
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
CVE-2018-18658
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
CVE-2018-18657
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
CVE-2015-4068
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
CVE-2015-4069
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.

Copyright 2019, cxsecurity.com

 
