Vulnerability Description
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allow remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Etrust Audit Client | 1.5 |
| Broadcom | Etrust Audit Datatools | 1.5 |
| Broadcom | Etrust Audit Policy Manager | 1.5 |
| Broadcom | Etrust Security Command Center | 1.0 |
References
- http://secunia.com/advisories/22023 (Exploit, Patch, Vendor Advisory)
- http://secunia.com/advisories/22073 (Vendor Advisory)
- http://securitytracker.com/id?1016909
- http://securitytracker.com/id?1016910 (Patch)
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt (Exploit, Patch, Vendor Advisory)
- http://www.osvdb.org/29011 (Exploit, Patch)
- http://www.securityfocus.com/archive/1/446611/100/0/threaded
- http://www.securityfocus.com/archive/1/446716/100/0/threaded
- http://www.securityfocus.com/bid/20139 (Exploit)
- http://www.vupen.com/english/advisories/2006/3738
- http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=20 (Exploit, Patch, Vendor Advisory)
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29107
FAQ
What is CVE-2006-4901?
CVE-2006-4901 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allow remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend...
How severe is CVE-2006-4901?
CVE-2006-4901 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4901?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Etrust Audit Client, Broadcom Etrust Audit Datatools, Broadcom Etrust Audit Policy Manager, Broadcom Etrust Security Command Center.