Vulnerability Description
RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsa | Keon Certificate Authority Manager | 6.5.1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049592.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/446742/100/0/threaded
- http://www.securityfocus.com/bid/20136
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29068
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049592.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/446742/100/0/threaded
- http://www.securityfocus.com/bid/20136
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29065
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29068
FAQ
What is CVE-2006-4991?
CVE-2006-4991 is a vulnerability with a CVSS score of 3.6 (LOW). RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1...
How severe is CVE-2006-4991?
CVE-2006-4991 has been rated LOW with a CVSS base score of 3.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4991?
Check the references section above for vendor advisories and patch information. Affected products include: Rsa Keon Certificate Authority Manager.