Lucene search

[email protected]CVE-2006-6641

HistoryDec 20, 2006 - 12:28 a.m.

CVE-2006-6641

2006-12-2000:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6641

ca cleverpath portal

brightstor portal

unspecified vulnerability

session inheritance

data store conflict

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Affected configurations

NVD

Node

arcservebrightstorMatch11.1

broadcomcleverpath_portalRange≤4.71

cleverpathaion_bpmMatchr10

cleverpathaion_bpmMatchr10.1

cleverpathaion_bpmMatchr10.2

cleverpathportalMatchr4.7

cleverpathportalMatchr4.51

cleverpathportalMatchr4.71

etrustsecurity_command_centerMatchr1

etrustsecurity_command_centerMatchr8

unicenterasset_and_portfolio_managementMatchr11

unicenterdatabase_command_centerMatchr11.1

unicenterdatabase_management_portalMatchr11

unicenterenterprise_job_managerMatchr1_sp3

unicentermanagement_portalMatchr2.0

unicentermanagement_portalMatchr3.1

unicentermanagement_portalMatchr11.0

unicenterworkload_control_centerMatchr1_sp4

CPENameOperatorVersion
arcserve:brightstorarcserve brightstoreq11.1
broadcom:cleverpath_portalbroadcom cleverpath portalle4.71
cleverpath:aion_bpmcleverpath aion bpmeqr10
cleverpath:aion_bpmcleverpath aion bpmeqr10.1
cleverpath:aion_bpmcleverpath aion bpmeqr10.2
cleverpath:portalcleverpath portaleqr4.7
cleverpath:portalcleverpath portaleqr4.51
cleverpath:portalcleverpath portaleqr4.71
etrust:security_command_centeretrust security command centereqr1
etrust:security_command_centeretrust security command centereqr8

CPE	Name	Operator	Version
arcserve:brightstor	arcserve brightstor	eq	11.1
broadcom:cleverpath_portal	broadcom cleverpath portal	le	4.71
cleverpath:aion_bpm	cleverpath aion bpm	eq	r10
cleverpath:aion_bpm	cleverpath aion bpm	eq	r10.1
cleverpath:aion_bpm	cleverpath aion bpm	eq	r10.2
cleverpath:portal	cleverpath portal	eq	r4.7
cleverpath:portal	cleverpath portal	eq	r4.51
cleverpath:portal	cleverpath portal	eq	r4.71
etrust:security_command_center	etrust security command center	eq	r1
etrust:security_command_center	etrust security command center	eq	r8

Rows per page:

1-10 of 181

References

secunia.com/advisories/23426

securitytracker.com/id?1017429

supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp

www.osvdb.org/30854

www.securityfocus.com/archive/1/455041/100/0/threaded

www.securityfocus.com/bid/21681

www.vupen.com/english/advisories/2006/5091

www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for CVE-2006-6641

nvd1 cvelist1