CVE-2006-4901

Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt	Exploit Patch Vendor Advisory
http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9	Exploit Patch Vendor Advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618	Patch Vendor Advisory
http://www.osvdb.org/29011	Exploit Patch
http://secunia.com/advisories/22023	Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/20139	Exploit
http://securitytracker.com/id?1016909
http://securitytracker.com/id?1016910	Patch
http://secunia.com/advisories/22073	Vendor Advisory
http://www.vupen.com/english/advisories/2006/3738
https://exchange.xforce.ibmcloud.com/vulnerabilities/29107
http://www.securityfocus.com/archive/1/446716/100/0/threaded
http://www.securityfocus.com/archive/1/446611/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp2::::::
	cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp3::::::
	cpe:2.3:a:broadcom:etrust_security_command_center:1.0:::::::*
	cpe:2.3:a:broadcom:etrust_security_command_center:8:::::::*
	cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp3::::::
	cpe:2.3:a:broadcom:etrust_audit_policy_manager:8.0:::::::*
	cpe:2.3:a:broadcom:etrust_audit_datatools:8.0:::::::*
	cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp2::::::
	cpe:2.3:a:broadcom:etrust_audit_client:8.0:::::::*
	cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp2::::::
	cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp3::::::
	cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:::::*
	cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:::::*

Information

Published : 2006-09-22 15:07

Updated : 2021-04-09 09:21

NVD link : CVE-2006-4901

Mitre link : CVE-2006-4901

JSON object : View

CWE

NVD-CWE-Other

Products Affected

broadcom

etrust_audit_client
etrust_security_command_center
etrust_audit_datatools
etrust_audit_policy_manager

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt", "name": "http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9", "name": "http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618", "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/29011", "name": "29011", "tags": ["Exploit", "Patch"], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/22023", "name": "22023", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/20139", "name": "20139", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1016909", "name": "1016909", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1016910", "name": "1016910", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/22073", "name": "22073", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/3738", "name": "ADV-2006-3738", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29107", "name": "ca-etrust-alert-replay(29107)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/446716/100/0/threaded", "name": "20060922 RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/446611/100/0/threaded", "name": "20060921 [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4901", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-09-22T22:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_security_command_center:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_policy_manager:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_datatools:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_client:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-09T16:21Z"}

6.4 /10