CVE-2006-6641

Description

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Related CPE's

Could not find any relations

References

http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp

Vendor Advisory

23426

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876

21681

30854

1017429

ADV-2006-5091

20061221 [CAID 34876]: CA CleverPath Portal Session Inheritance Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io