CVE-2006-6641

Severity: Unknown | EPSS: 2.49%

CVE-2006-6641 is a vulnerability of currently unknown severity. Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server. EPSS estimates a 2.49% chance of exploitation in the next 30 days.

Description

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Metrics

EPSS Probability
2.49%

82.6th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Arcserve | Brightstor | 11.1
Broadcom | Cleverpath Portal | <= 4.71
Cleverpath | Aion Bpm | r10
Cleverpath | Aion Bpm | r10.1
Cleverpath | Aion Bpm | r10.2
Cleverpath | Portal | r4.7
Cleverpath | Portal | r4.51
Cleverpath | Portal | r4.71
Etrust | Security Command Center | r1
Etrust | Security Command Center | r8
Unicenter | Asset And Portfolio Management | r11
Unicenter | Database Command Center | r11.1
Unicenter | Database Management Portal | r11
Unicenter | Enterprise Job Manager | r1_sp3
Unicenter | Management Portal | r2.0
Unicenter | Management Portal | r3.1
Unicenter | Management Portal | r11.0
Unicenter | Workload Control Center | r1_sp4

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2006-6641?
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.
How severe is CVE-2006-6641?
Severity scoring for CVE-2006-6641 is pending analysis. The EPSS model estimates a 2.49% probability of exploitation in the next 30 days.
How do I fix CVE-2006-6641?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST