| Title | BrightStor Portal などで使用される CA CleverPath Portal における異なる Portal サーバのユーザのセッションおよび資格情報を継承される脆弱性 |
|---|---|
| Summary | BrightStor Portal、CleverPath Aion BPM、eTrust Security Command Center および Unicenter などで使用される CA CleverPath Portal には、複数の Portal サーバが同時に開始し同じ格納データを共有する際の処理に不備があるため、異なる Portal サーバのユーザのセッションおよび資格情報を継承される脆弱性が存在します。 |
| Possible impacts | Portal ユーザにより、異なる Portal サーバのユーザのセッションおよび資格情報を継承される可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Dec. 19, 2006, midnight |
| Registration Date | June 26, 2012, 3:38 p.m. |
| Last Update | June 26, 2012, 3:38 p.m. |
| CVSS2.0 : 危険 | |
| Score | 7.5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| CA Technologies |
| cleverpath portal maintenance version 4.71.001_179_060830 未満 |
| Arcserve |
| brightstor Portal r11.1 |
| cleverpath |
| aion bpm r10 から r10.2 |
| portal |
| etrust |
| security command center r1 および r8 |
| unicenter |
| asset and portfolio management |
| database command center |
| database management portal |
| enterprise job manager |
| management portal |
| workload control center |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2012年06月26日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server. |
|---|---|
| Publication Date | Dec. 20, 2006, 9:28 a.m. |
| Registration Date | Jan. 29, 2021, 3:52 p.m. |
| Last Update | April 8, 2021, 3:57 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:arcserve:brightstor:11.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:broadcom:cleverpath_portal:*:*:*:*:*:*:*:* | 4.71 | ||||
| cpe:2.3:a:cleverpath:aion_bpm:r10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cleverpath:aion_bpm:r10.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cleverpath:aion_bpm:r10.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cleverpath:portal:r4.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cleverpath:portal:r4.51:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:cleverpath:portal:r4.71:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:etrust:security_command_center:r1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:etrust:security_command_center:r8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:asset_and_portfolio_management:r11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:database_command_center:r11.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:database_management_portal:r11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:enterprise_job_manager:r1_sp3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:management_portal:r2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:management_portal:r3.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:management_portal:r11.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:unicenter:workload_control_center:r1_sp4:*:*:*:*:*:*:* | |||||