CVE-2006-6641

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Vulnerabilidad no especificada en CA CleverPath Portal anterior a la versión de mantenimiento 4.71.001_179_060830, usado en múltiples productos incluyendo BrightStor Portal r11.1, CleverPath Aion BPM r10 hasta r10.2, eTrust Security Command Center r1 y r8, y Unicenter, no actúa adecuadamente cuando múltiples servidores Portal son iniciados al mismo tiempo y comparten el mismo almacén de información, lo cual puede provocar que un usuario de Portal herede la sesión y credenciales de un usuario que está en otro servidor Portal.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-12-19 CVE Reserved
2006-12-20 CVE Published
2024-02-15 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
http://secunia.com/advisories/23426	Third Party Advisory
http://securitytracker.com/id?1017429	Vdb Entry
http://www.osvdb.org/30854	Vdb Entry
http://www.securityfocus.com/archive/1/455041/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/21681	Vdb Entry
http://www.vupen.com/english/advisories/2006/5091	Vdb Entry
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp	2021-04-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Arcserve Search vendor "Arcserve"		Brightstor Search vendor "Arcserve" for product "Brightstor"				11.1 Search vendor "Arcserve" for product "Brightstor" and version "11.1"		-		Affected
Broadcom Search vendor "Broadcom"		Cleverpath Portal Search vendor "Broadcom" for product "Cleverpath Portal"				<= 4.71 Search vendor "Broadcom" for product "Cleverpath Portal" and version " <= 4.71"		-		Affected
Cleverpath Search vendor "Cleverpath"		Aion Bpm Search vendor "Cleverpath" for product "Aion Bpm"				r10 Search vendor "Cleverpath" for product "Aion Bpm" and version "r10"		-		Affected
Cleverpath Search vendor "Cleverpath"		Aion Bpm Search vendor "Cleverpath" for product "Aion Bpm"				r10.1 Search vendor "Cleverpath" for product "Aion Bpm" and version "r10.1"		-		Affected
Cleverpath Search vendor "Cleverpath"		Aion Bpm Search vendor "Cleverpath" for product "Aion Bpm"				r10.2 Search vendor "Cleverpath" for product "Aion Bpm" and version "r10.2"		-		Affected
Cleverpath Search vendor "Cleverpath"		Portal Search vendor "Cleverpath" for product "Portal"				r4.7 Search vendor "Cleverpath" for product "Portal" and version "r4.7"		-		Affected
Cleverpath Search vendor "Cleverpath"		Portal Search vendor "Cleverpath" for product "Portal"				r4.51 Search vendor "Cleverpath" for product "Portal" and version "r4.51"		-		Affected
Cleverpath Search vendor "Cleverpath"		Portal Search vendor "Cleverpath" for product "Portal"				r4.71 Search vendor "Cleverpath" for product "Portal" and version "r4.71"		-		Affected
Etrust Search vendor "Etrust"		Security Command Center Search vendor "Etrust" for product "Security Command Center"				r1 Search vendor "Etrust" for product "Security Command Center" and version "r1"		-		Affected
Etrust Search vendor "Etrust"		Security Command Center Search vendor "Etrust" for product "Security Command Center"				r8 Search vendor "Etrust" for product "Security Command Center" and version "r8"		-		Affected
Unicenter Search vendor "Unicenter"		Asset And Portfolio Management Search vendor "Unicenter" for product "Asset And Portfolio Management"				r11 Search vendor "Unicenter" for product "Asset And Portfolio Management" and version "r11"		-		Affected
Unicenter Search vendor "Unicenter"		Database Command Center Search vendor "Unicenter" for product "Database Command Center"				r11.1 Search vendor "Unicenter" for product "Database Command Center" and version "r11.1"		-		Affected
Unicenter Search vendor "Unicenter"		Database Management Portal Search vendor "Unicenter" for product "Database Management Portal"				r11 Search vendor "Unicenter" for product "Database Management Portal" and version "r11"		-		Affected
Unicenter Search vendor "Unicenter"		Enterprise Job Manager Search vendor "Unicenter" for product "Enterprise Job Manager"				r1_sp3 Search vendor "Unicenter" for product "Enterprise Job Manager" and version "r1_sp3"		-		Affected
Unicenter Search vendor "Unicenter"		Management Portal Search vendor "Unicenter" for product "Management Portal"				r2.0 Search vendor "Unicenter" for product "Management Portal" and version "r2.0"		-		Affected
Unicenter Search vendor "Unicenter"		Management Portal Search vendor "Unicenter" for product "Management Portal"				r3.1 Search vendor "Unicenter" for product "Management Portal" and version "r3.1"		-		Affected
Unicenter Search vendor "Unicenter"		Management Portal Search vendor "Unicenter" for product "Management Portal"				r11.0 Search vendor "Unicenter" for product "Management Portal" and version "r11.0"		-		Affected
Unicenter Search vendor "Unicenter"		Workload Control Center Search vendor "Unicenter" for product "Workload Control Center"				r1_sp4 Search vendor "Unicenter" for product "Workload Control Center" and version "r1_sp4"		-		Affected