製品・ソフトウェアに関する情報

JVN脆弱性詳細

CA eTrust Security Command Center および eTrust Audit における警告を偽装される脆弱性

Title	CA eTrust Security Command Center および eTrust Audit における警告を偽装される脆弱性
Summary	Computer Associates (CA) eTrust Security Command Center および eTrust Audit には、警告を偽装され、攻撃の再実行を誘発する脆弱性が存在します。
Possible impacts	第三者により、desired 引数を伴う eTSAPISend.exe を呼び出されることで、警告を偽装され、攻撃の再実行を誘発される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 22, 2006, midnight
Registration Date	June 26, 2012, 3:37 p.m.
Last Update	June 26, 2012, 3:37 p.m.

Affected System

CA Technologies

etrust audit client 1.5 および r8

etrust audit datatools 1.5 および r8

etrust audit policy manager 1.5 および r8

etrust security command center 1.0 および SP1 CR2 以下の r8

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-4901	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4901
National Vulnerability Database (NVD)
2	CVE-2006-4901	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4901

ベンダー情報

No	Name	URL
CA
1	Top Page	http://www.ca.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-4901

Summary	Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
Publication Date	Sept. 23, 2006, 7:07 a.m.
Registration Date	Jan. 29, 2021, 3:46 p.m.
Last Update	April 10, 2021, 1:21 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp2::::::
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp3::::::
cpe:2.3:a:broadcom:etrust_audit_client:8.0:::::::*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp2::::::
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp3::::::
cpe:2.3:a:broadcom:etrust_audit_datatools:8.0:::::::*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp2::::::
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp3::::::
cpe:2.3:a:broadcom:etrust_audit_policy_manager:8.0:::::::*
cpe:2.3:a:broadcom:etrust_security_command_center:1.0:::::::*
cpe:2.3:a:broadcom:etrust_security_command_center:8:::::::*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:::::*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/22023	SECUNIA	Exploit Patch Vendor Advisory
2	http://secunia.com/advisories/22073	SECUNIA	Vendor Advisory
3	http://securitytracker.com/id?1016909	SECTRACK
4	http://securitytracker.com/id?1016910	SECTRACK	Patch
5	http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt	MISC	Exploit Patch Vendor Advisory
6	http://www.osvdb.org/29011	OSVDB	Exploit Patch
7	http://www.securityfocus.com/archive/1/446611/100/0/threaded	BUGTRAQ
8	http://www.securityfocus.com/archive/1/446716/100/0/threaded	BUGTRAQ
9	http://www.securityfocus.com/bid/20139	BID	Exploit
10	http://www.vupen.com/english/advisories/2006/3738	VUPEN
11	http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9	CONFIRM	Exploit Patch Vendor Advisory
12	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618	CONFIRM	Patch Vendor Advisory
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/29107	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp2::::::
cpe:2.3:a:broadcom:etrust_audit_client:1.5:sp3::::::
cpe:2.3:a:broadcom:etrust_audit_client:8.0:::::::*
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp2::::::
cpe:2.3:a:broadcom:etrust_audit_datatools:1.5:sp3::::::
cpe:2.3:a:broadcom:etrust_audit_datatools:8.0:::::::*
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp2::::::
cpe:2.3:a:broadcom:etrust_audit_policy_manager:1.5:sp3::::::
cpe:2.3:a:broadcom:etrust_audit_policy_manager:8.0:::::::*
cpe:2.3:a:broadcom:etrust_security_command_center:1.0:::::::*
cpe:2.3:a:broadcom:etrust_security_command_center:8:::::::*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:::::*
cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:::::*