Directory Traversal Vulnerability in CA eTrust Security Command Center
CVE-2006-4900

Currently unrated

Key Information:

Vendor: Broadcom

CVE Published: 22 September 2006

What is CVE-2006-4900?

The eTrust Security Command Center from Computer Associates has a directory traversal vulnerability: the eSMPAuditServlet does not properly handle its eSCCAdHocHtmlFile parameter, so a remote authenticated user can supply '..' sequences in that parameter to read and delete arbitrary files on the server. This flaw can lead to significant data exposure and manipulation risks if not mitigated promptly.

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
