Vulnerability Description
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter. The Portal does not properly handle the case where multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arcserve | Brightstor | 11.1 |
| Broadcom | Cleverpath Portal | <= 4.71 |
| Cleverpath | Aion Bpm | r10 |
| Cleverpath | Portal | r4.7 |
| Etrust | Security Command Center | r1 |
| Unicenter | Asset And Portfolio Management | r11 |
| Unicenter | Database Command Center | r11.1 |
| Unicenter | Database Management Portal | r11 |
| Unicenter | Enterprise Job Manager | r1_sp3 |
| Unicenter | Management Portal | r2.0 |
| Unicenter | Workload Control Center | r1_sp4 |
References
- http://secunia.com/advisories/23426
- http://securitytracker.com/id?1017429
- http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp (Vendor Advisory)
- http://www.osvdb.org/30854
- http://www.securityfocus.com/archive/1/455041/100/0/threaded
- http://www.securityfocus.com/bid/21681
- http://www.vupen.com/english/advisories/2006/5091
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876
FAQ
What is CVE-2006-6641?
CVE-2006-6641 is a vulnerability with a CVSS score of 7.5 (HIGH). Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2,...
How severe is CVE-2006-6641?
CVE-2006-6641 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6641?
Check the references section above for vendor advisories and patch information. Affected products include: Arcserve Brightstor, Broadcom Cleverpath Portal, Cleverpath Aion Bpm, Cleverpath Portal, Etrust Security Command Center.