Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4901

4 documents4 sources

Severity

6.4MEDIUM

EPSS

9.9%

top 6.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Etrust Audit Client Broadcom Etrust Audit Datatools Broadcom Etrust Audit Policy Manager +1 more

Timeline

PublishedSep 22

Latest updateMay 1

Description

Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

▶NVDbroadcom/etrust_security_command_center1.0, 8+1

▶NVDbroadcom/etrust_audit_client1.5, 8.0+1

▶NVDbroadcom/etrust_audit_datatools1.5, 8.0+1

▶NVDbroadcom/etrust_audit_policy_manager1.5, 8.0+1

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: users.tpg.com.au ↗

🔴Vulnerability Details

GHSA

GHSA-x2p9-9v87-p988: Computer Associates (CA) eTrust Security Command Center 1↗2022-05-01

▶

CVEList

CVE-2006-4901: Computer Associates (CA) eTrust Security Command Center 1↗2006-09-22

▶

💥Exploits & PoCs

Exploit-DB

CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack↗2006-09-21

▶