CVE-2006-6641
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/12/2006
Last modified:
09/04/2025
Description
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:arcserve:brightstor:11.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:broadcom:cleverpath_portal:*:*:*:*:*:*:*:* | 4.71 (including) | |
| cpe:2.3:a:cleverpath:aion_bpm:r10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cleverpath:aion_bpm:r10.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cleverpath:aion_bpm:r10.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cleverpath:portal:r4.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cleverpath:portal:r4.51:*:*:*:*:*:*:* | ||
| cpe:2.3:a:cleverpath:portal:r4.71:*:*:*:*:*:*:* | ||
| cpe:2.3:a:etrust:security_command_center:r1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:etrust:security_command_center:r8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:unicenter:asset_and_portfolio_management:r11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:unicenter:database_command_center:r11.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:unicenter:database_management_portal:r11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:unicenter:enterprise_job_manager:r1_sp3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:unicenter:management_portal:r2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/23426
- http://securitytracker.com/id?1017429=
- http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp
- http://www.osvdb.org/30854
- http://www.securityfocus.com/archive/1/455041/100/0/threaded
- http://www.securityfocus.com/bid/21681
- http://www.vupen.com/english/advisories/2006/5091
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876
- http://secunia.com/advisories/23426
- http://securitytracker.com/id?1017429=
- http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp
- http://www.osvdb.org/30854
- http://www.securityfocus.com/archive/1/455041/100/0/threaded
- http://www.securityfocus.com/bid/21681
- http://www.vupen.com/english/advisories/2006/5091
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876