Lucene search

[email protected]CVE-2006-4901

HistorySep 22, 2006 - 10:07 p.m.

CVE-2006-4901

2006-09-2222:07:00

[email protected]

web.nvd.nist.gov

computer associates

etrust security command center

cve-2006-4901

etsapisend.exe

spoofing

replay attacks

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.

Affected configurations

NVD

Node

broadcometrust_audit_clientMatch1.5sp2

broadcometrust_audit_clientMatch1.5sp3

broadcometrust_audit_clientMatch8.0

broadcometrust_audit_datatoolsMatch1.5sp2

broadcometrust_audit_datatoolsMatch1.5sp3

broadcometrust_audit_datatoolsMatch8.0

broadcometrust_audit_policy_managerMatch1.5sp2

broadcometrust_audit_policy_managerMatch1.5sp3

broadcometrust_audit_policy_managerMatch8.0

broadcometrust_security_command_centerMatch1.0

broadcometrust_security_command_centerMatch8

broadcometrust_security_command_centerMatch8sp1cr1

broadcometrust_security_command_centerMatch8sp1cr2

CPENameOperatorVersion
broadcom:etrust_audit_clientbroadcom etrust audit clienteq1.5
broadcom:etrust_audit_clientbroadcom etrust audit clienteq8.0
broadcom:etrust_audit_datatoolsbroadcom etrust audit datatoolseq1.5
broadcom:etrust_audit_datatoolsbroadcom etrust audit datatoolseq8.0
broadcom:etrust_audit_policy_managerbroadcom etrust audit policy managereq1.5
broadcom:etrust_audit_policy_managerbroadcom etrust audit policy managereq8.0
broadcom:etrust_security_command_centerbroadcom etrust security command centereq1.0
broadcom:etrust_security_command_centerbroadcom etrust security command centereq8

CPE	Name	Operator	Version
broadcom:etrust_audit_client	broadcom etrust audit client	eq	1.5
broadcom:etrust_audit_client	broadcom etrust audit client	eq	8.0
broadcom:etrust_audit_datatools	broadcom etrust audit datatools	eq	1.5
broadcom:etrust_audit_datatools	broadcom etrust audit datatools	eq	8.0
broadcom:etrust_audit_policy_manager	broadcom etrust audit policy manager	eq	1.5
broadcom:etrust_audit_policy_manager	broadcom etrust audit policy manager	eq	8.0
broadcom:etrust_security_command_center	broadcom etrust security command center	eq	1.0
broadcom:etrust_security_command_center	broadcom etrust security command center	eq	8

References

secunia.com/advisories/22023

secunia.com/advisories/22073

securitytracker.com/id?1016909

securitytracker.com/id?1016910

users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt

www.osvdb.org/29011

www.securityfocus.com/archive/1/446611/100/0/threaded

www.securityfocus.com/archive/1/446716/100/0/threaded

www.securityfocus.com/bid/20139

www.vupen.com/english/advisories/2006/3738

www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9

www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618

exchange.xforce.ibmcloud.com/vulnerabilities/29107

Social References

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

Related for CVE-2006-4901

cvelist1 nvd1 securityvulns1