Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P
Vendors Products
Broadcom
  • Etrust Audit Policy Manager
  • Etrust Audit Datatools
  • Etrust Security Command Center
  • Etrust Audit Client

Configuration 1 [-]

OR cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_client:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_datatools:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp2:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp3:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:*:*:*:*:*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/22023 Exploit Patch Vendor Advisory
http://secunia.com/advisories/22073 Vendor Advisory
http://securitytracker.com/id?1016909
http://securitytracker.com/id?1016910 Patch
http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt Exploit Patch Vendor Advisory
http://www.osvdb.org/29011 Exploit Patch
http://www.securityfocus.com/archive/1/446611/100/0/threaded
http://www.securityfocus.com/archive/1/446716/100/0/threaded
http://www.securityfocus.com/bid/20139 Exploit
http://www.vupen.com/english/advisories/2006/3738
http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9 Exploit Patch Vendor Advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/29107
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-22T22:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-09-20T00:00:00

Link: CVE-2006-4901

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-09-22T22:07:00.000

Modified: 2021-04-09T16:21:30.627

Link: CVE-2006-4901

JSON object: View

cve-icon Redhat Information

No data.

CWE