Vulnerability CVE-2006-6641


Published: 2006-12-19   Modified: 2012-02-12

Description:
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Unicenter -> Asset and portfolio management 
Unicenter -> Database command center 
Unicenter -> Database management portal 
Unicenter -> Enterprise job manager 
Unicenter -> Management portal 
Unicenter -> Workload control center 
Etrust -> Security command center 
Cleverpath -> Aion bpm 
Cleverpath -> Portal 
CA -> Cleverpath portal 
Arcserve -> Brightstor 

 References:
http://securitytracker.com/id?1017429
http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp
http://www.securityfocus.com/archive/1/455041/100/0/threaded
http://www.securityfocus.com/bid/21681
http://www.vupen.com/english/advisories/2006/5091
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876

Copyright 2021, cxsecurity.com

 
