CVE-2006-4901 - Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1

CVE-2006-4901

Summary

Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.

References

Vulnerable Configurations

cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_client:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_client:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:*:*:*:*:*

CVSS

Base:	6.4 (as of 09-04-2021 - 16:21)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:P

refmap via4

bid	20139
bugtraq	20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities 20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities
confirm	http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618
misc	http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
osvdb	29011
sectrack	1016909 1016910
secunia	22023 22073
vupen	ADV-2006-3738
xf	ca-etrust-alert-replay(29107)

Last major update

09-04-2021 - 16:21

Published

22-09-2006 - 22:07

Last modified

09-04-2021 - 16:21