EUVD-2006-6624

Malware in sbrugna...

CA CleverPath Portal远程SQL注入漏洞

CleverPath Portal是一个安全、可扩展的企业信息门户，提供一个协作环境以及信息、应用和Web内容的整合视图。 CleverPath Portal在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞非授权访问数据库。 CleverPath Portal没有正确验证轻型搜索中的ofinterest参数及高级搜索中的description参数，如果攻击者修改了搜索URL中的上述参数的话，就可能导致发送非预期的数据库查询，检索整个数据库内容，具体取决于用户权限。 Computer Associates eTrust Security Command Center r8...

Computer Associates多个CleverPath Portal环境会话劫持漏洞

CleverPath Portal环境一般配置在多个Portal服务器共享一个通用数据存储时存在安全问题。这可导致通过其中一个Portal服务器连接的用户可继承Portal会话，关联另一个Portal服务器中的某个用户的安全验证。 当多个Portal服务器共享通用数据存储并两个Portal服务器在同一时间里启动，由于CleverPath Portal环境变量数据存在问题，可导致以其他用户权限访问服务程序。CleverPath Portal环境变量不是默认配置。 Computer Associates Unicenter Workload Control Center 1.0 SP4...

CVE-2006-6641

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001179060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple...

CVE-2006-6641

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001179060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple...

CVE-2006-6641

CA CleverPath Portal before maintenance 4.71.001_179_060830 (and related products BrightStor Portal r11.1, CleverPath Aion BPM r10–r10.2, eTrust Security Command Center r1/r8, Unicenter) is affected by a vulnerability where multiple Portal servers sharing a single data store can cause a Portal us...