Lucene search

[email protected]NVD:CVE-2006-6641

HistoryDec 20, 2006 - 12:28 a.m.

CVE-2006-6641

2006-12-2000:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Affected configurations

Nvd

Node

arcservebrightstorMatch11.1

broadcomcleverpath_portalRange≤4.71

cleverpathaion_bpmMatchr10

cleverpathaion_bpmMatchr10.1

cleverpathaion_bpmMatchr10.2

cleverpathportalMatchr4.7

cleverpathportalMatchr4.51

cleverpathportalMatchr4.71

etrustsecurity_command_centerMatchr1

etrustsecurity_command_centerMatchr8

unicenterasset_and_portfolio_managementMatchr11

unicenterdatabase_command_centerMatchr11.1

unicenterdatabase_management_portalMatchr11

unicenterenterprise_job_managerMatchr1_sp3

unicentermanagement_portalMatchr2.0

unicentermanagement_portalMatchr3.1

unicentermanagement_portalMatchr11.0

unicenterworkload_control_centerMatchr1_sp4

VendorProductVersionCPE
arcservebrightstor11.1cpe:2.3:a:arcserve:brightstor:11.1:*:*:*:*:*:*:*
broadcomcleverpath_portal*cpe:2.3:a:broadcom:cleverpath_portal:*:*:*:*:*:*:*:*
cleverpathaion_bpmr10cpe:2.3:a:cleverpath:aion_bpm:r10:*:*:*:*:*:*:*
cleverpathaion_bpmr10.1cpe:2.3:a:cleverpath:aion_bpm:r10.1:*:*:*:*:*:*:*
cleverpathaion_bpmr10.2cpe:2.3:a:cleverpath:aion_bpm:r10.2:*:*:*:*:*:*:*
cleverpathportalr4.7cpe:2.3:a:cleverpath:portal:r4.7:*:*:*:*:*:*:*
cleverpathportalr4.51cpe:2.3:a:cleverpath:portal:r4.51:*:*:*:*:*:*:*
cleverpathportalr4.71cpe:2.3:a:cleverpath:portal:r4.71:*:*:*:*:*:*:*
etrustsecurity_command_centerr1cpe:2.3:a:etrust:security_command_center:r1:*:*:*:*:*:*:*
etrustsecurity_command_centerr8cpe:2.3:a:etrust:security_command_center:r8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arcserve	brightstor	11.1	cpe:2.3:a:arcserve:brightstor:11.1:::::::*
broadcom	cleverpath_portal	*	cpe:2.3:a:broadcom:cleverpath_portal::::::::
cleverpath	aion_bpm	r10	cpe:2.3:a:cleverpath:aion_bpm:r10:::::::*
cleverpath	aion_bpm	r10.1	cpe:2.3:a:cleverpath:aion_bpm:r10.1:::::::*
cleverpath	aion_bpm	r10.2	cpe:2.3:a:cleverpath:aion_bpm:r10.2:::::::*
cleverpath	portal	r4.7	cpe:2.3:a:cleverpath:portal:r4.7:::::::*
cleverpath	portal	r4.51	cpe:2.3:a:cleverpath:portal:r4.51:::::::*
cleverpath	portal	r4.71	cpe:2.3:a:cleverpath:portal:r4.71:::::::*
etrust	security_command_center	r1	cpe:2.3:a:etrust:security_command_center:r1:::::::*
etrust	security_command_center	r8	cpe:2.3:a:etrust:security_command_center:r8:::::::*

Rows per page:

1-10 of 181

References

secunia.com/advisories/23426

securitytracker.com/id?1017429

supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp

www.osvdb.org/30854

www.securityfocus.com/archive/1/455041/100/0/threaded

www.securityfocus.com/bid/21681

www.vupen.com/english/advisories/2006/5091

www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.012

Percentile

85.4%

JSON

Related for NVD:CVE-2006-6641

cvelist1 cve1