PT-2006-5654 · Computer Associates · Etrust Audit+1

Published

2006-09-22

Updated

2021-04-09

CVE-2006-4901

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Computer Associates (CA) eTrust Security Command Center versions 1.0 and r8 up to SP1 CR2 Computer Associates (CA) eTrust Audit versions 1.5 and r8

Description The issue allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.

Recommendations For Computer Associates (CA) eTrust Security Command Center versions 1.0 and r8 up to SP1 CR2, consider restricting access to eTSAPISend.exe to prevent spoofing and replay attacks. For Computer Associates (CA) eTrust Audit versions 1.5 and r8, consider restricting access to eTSAPISend.exe to prevent spoofing and replay attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4901

Affected Products

Etrust Audit

Ca Etrust Security Command Center

PT-2006-5654 · Computer Associates · Etrust Audit+1

CVE-2006-4901

Related Identifiers

Affected Products

References · 16