CVE-2006-6641
Summary
| CVE | CVE-2006-6641 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-12-20 00:28:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Arcserve | Brightstor | 11.1 | All | All | All |
| Application | Broadcom | Cleverpath Portal | All | All | All | All |
| Application | Cleverpath | Aion Bpm | r10 | All | All | All |
| Application | Cleverpath | Aion Bpm | r10.1 | All | All | All |
| Application | Cleverpath | Aion Bpm | r10.2 | All | All | All |
| Application | Cleverpath | Portal | r4.51 | All | All | All |
| Application | Cleverpath | Portal | r4.7 | All | All | All |
| Application | Cleverpath | Portal | r4.71 | All | All | All |
| Application | Etrust | Security Command Center | r1 | All | All | All |
| Application | Etrust | Security Command Center | r8 | All | All | All |
| Application | Unicenter | Asset And Portfolio Management | r11 | All | All | All |
| Application | Unicenter | Database Command Center | r11.1 | All | All | All |
| Application | Unicenter | Database Management Portal | r11 | All | All | All |
| Application | Unicenter | Enterprise Job Manager | r1_sp3 | All | All | All |
| Application | Unicenter | Management Portal | r11.0 | All | All | All |
| Application | Unicenter | Management Portal | r2.0 | All | All | All |
| Application | Unicenter | Management Portal | r3.1 | All | All | All |
| Application | Unicenter | Workload Control Center | r1_sp4 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.osvdb.org/30854 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| SupportConnect - Important Security Notice for CA CleverPath and Embedded Portal Customers | af854a3a-2127-422b-91ae-364da2661108 | supportconnectw.ca.com | Vendor Advisory |
| CA Portal Technology Session Handling Vulnerability - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CA CleverPath Portal session verification vulnerability - CA | af854a3a-2127-422b-91ae-364da2661108 | www3.ca.com | |
| CA CleverPath Portal May Let Remote Users Access Portal Sessions of Other Users in Certain Cases - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| Computer Associates Multiple CleverPath Portal Environments Session Hijacking Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.