CVE-2006-6641
CA CleverPath Portal <4.71.001_179_060830 - Info Disclosure
Title source: llmDescription
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/21681
Vendor Advisory x_refsource_confirm
http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5091
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455041/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/30854
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017429
Various Sources x_refsource_confirm
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34876
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23426
Scores
EPSS
0.0123
EPSS Percentile
79.4%
Details
Status
published
Products (18)
arcserve/brightstor
11.1
broadcom/cleverpath_portal
< 4.71
cleverpath/aion_bpm
r10
cleverpath/aion_bpm
r10.1
cleverpath/aion_bpm
r10.2
cleverpath/portal
r4.7
cleverpath/portal
r4.51
cleverpath/portal
r4.71
etrust/security_command_center
r1
etrust/security_command_center
r8
... and 8 more
Published
Dec 20, 2006
Tracked Since
Feb 18, 2026