CVE-2006-4901
First published: Fri Sep 22 2006(Updated: )
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom eTrust Audit Client | =1.5-sp2 | |
| Broadcom eTrust Audit Client | =1.5-sp3 | |
| Broadcom eTrust Audit Client | =8.0 | |
| Broadcom eTrust Audit Datatools | =1.5-sp2 | |
| Broadcom eTrust Audit Datatools | =1.5-sp3 | |
| Broadcom eTrust Audit Datatools | =8.0 | |
| Broadcom eTrust Audit Policy Manager | =1.5-sp2 | |
| Broadcom eTrust Audit Policy Manager | =1.5-sp3 | |
| Broadcom eTrust Audit Policy Manager | =8.0 | |
| Broadcom eTrust Security Command Center | =1.0 | |
| Broadcom eTrust Security Command Center | =8 | |
| Broadcom eTrust Security Command Center | =8-sp1 | |
| Broadcom eTrust Security Command Center | =8-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/22023
- http://secunia.com/advisories/22073
- http://securitytracker.com/id?1016909
- http://securitytracker.com/id?1016910
- http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt
- http://www.osvdb.org/29011
- http://www.securityfocus.com/archive/1/446611/100/0/threaded
- http://www.securityfocus.com/archive/1/446716/100/0/threaded
- http://www.securityfocus.com/bid/20139
- http://www.vupen.com/english/advisories/2006/3738
- http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29107
Frequently Asked Questions
What is the severity of CVE-2006-4901?
CVE-2006-4901 has been classified as a medium severity vulnerability due to its potential for remote attack.
How do I fix CVE-2006-4901?
To fix CVE-2006-4901, update your eTrust Security Command Center or eTrust Audit software to the latest version that addresses this vulnerability.
What types of attacks can CVE-2006-4901 facilitate?
CVE-2006-4901 can facilitate alert spoofing and replay attacks through the manipulation of eTSAPISend.exe.
Which versions of eTrust are affected by CVE-2006-4901?
CVE-2006-4901 affects eTrust Security Command Center 1.0, r8 up to SP1 CR2, and eTrust Audit 1.5 and r8.
Who is the vendor for CVE-2006-4901?
The vendor for CVE-2006-4901 is Broadcom, which provides the affected eTrust software products.
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/event
- vendor/broadcom
- canonical/broadcom etrust audit client
- version/broadcom etrust audit client/1.5-sp2
- version/broadcom etrust audit client/1.5-sp3
- version/broadcom etrust audit client/8.0
- canonical/broadcom etrust audit datatools
- version/broadcom etrust audit datatools/1.5-sp2
- version/broadcom etrust audit datatools/1.5-sp3
- version/broadcom etrust audit datatools/8.0
- canonical/broadcom etrust audit policy manager
- version/broadcom etrust audit policy manager/1.5-sp2
- version/broadcom etrust audit policy manager/1.5-sp3
- version/broadcom etrust audit policy manager/8.0
- canonical/broadcom etrust security command center
- version/broadcom etrust security command center/1.0
- version/broadcom etrust security command center/8
- version/broadcom etrust security command center/8-sp1