ID CVE-2006-6641
Summary Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
References
Vulnerable Configurations
  • cpe:2.3:a:arcserve:brightstor:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:cleverpath_portal:-:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:cleverpath_portal:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:broadcom:cleverpath_portal:4.71:*:*:*:*:*:*:*
  • cpe:2.3:a:cleverpath:aion_bpm:r10:*:*:*:*:*:*:*
  • cpe:2.3:a:cleverpath:aion_bpm:r10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:cleverpath:aion_bpm:r10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cleverpath:portal:r4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:cleverpath:portal:r4.51:*:*:*:*:*:*:*
  • cpe:2.3:a:cleverpath:portal:r4.71:*:*:*:*:*:*:*
  • cpe:2.3:a:etrust:security_command_center:r1:*:*:*:*:*:*:*
  • cpe:2.3:a:etrust:security_command_center:r8:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:asset_and_portfolio_management:r11:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:database_command_center:r11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:database_management_portal:r11:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:enterprise_job_manager:r1_sp3:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:management_portal:r2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:management_portal:r3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:management_portal:r11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:unicenter:workload_control_center:r1_sp4:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 07-04-2021 - 18:57)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 21681
bugtraq 20061221 [CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability
confirm
osvdb 30854
sectrack 1017429
secunia 23426
vupen ADV-2006-5091
Last major update 07-04-2021 - 18:57
Published 20-12-2006 - 00:28
Last modified 07-04-2021 - 18:57