Title : CA CleverPath Portal Multi-server Environment Remote Session Hijacking Vulnerability
VUPEN ID : VUPEN/ADV-2006-5091
CVE ID : CVE-2006-6641
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-12-20


Technical Description

A vulnerability has been identified in several CA products that embed the CleverPath Portal; it could be exploited by an attacker to hijack another user's session. The issue is caused by an error in the CleverPath Portal when it is deployed in a multi-server environment in which the Portal servers share a common data store: a user who connects through one Portal server can inherit the Portal session, and the security authentication associated with it, of a user logged in on another Portal server.

Note : None of the CA products that embed the CleverPath Portal offer a multiple Portal server environment as a configurable option. Exposure is therefore limited to deployments that have actually been configured with several Portal servers sharing one data store; a single Portal server, or servers that do not share a data store, do not exhibit the session inheritance described above.
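The advisory does not disclose the root cause, so the following is an added illustration of the class of error it describes, not CleverPath Portal code and not a description of CA's actual defect: session identifiers that are unique only per server are written into a data store shared by several servers, so a login on one server can resolve to a session row created by another server. The hardened variant next to it issues unpredictable, globally unique identifiers. The store, server and user names are constructed for this example.

```python
"""Constructed model of per-server session ids colliding in a shared store.
Illustration only; not CleverPath Portal code and not CA's actual defect."""
import secrets


class SharedSessionStore:
    """Stand-in for the common data store shared by all portal servers.
    Rows are keyed by session id alone, which is the assumption that fails
    once more than one server writes into the store."""

    def __init__(self):
        self._rows = {}

    def create_if_absent(self, sid, record):
        # If another server already wrote a row for this sid, that row wins
        # and the new login silently inherits it (the "inheritance" above).
        return self._rows.setdefault(sid, record)

    def lookup(self, sid):
        return self._rows.get(sid)


class PortalServer:
    """One portal server; several instances share one SharedSessionStore."""

    def __init__(self, name, store, unique_ids):
        self.name = name
        self.store = store
        self.unique_ids = unique_ids
        self._counter = 0  # per-server counter: the weak id source

    def new_session_id(self):
        if self.unique_ids:
            # Hardened: 256-bit random id from the OS CSPRNG. Ids cannot be
            # predicted and cross-server collisions are not a practical concern.
            return secrets.token_urlsafe(32)
        # Vulnerable: every server starts its counter at 1, so two servers
        # issue the same id into the same shared store.
        self._counter += 1
        return f"sess-{self._counter}"

    def login(self, user, role):
        sid = self.new_session_id()
        self.store.create_if_absent(
            sid, {"user": user, "role": role, "issued_by": self.name}
        )
        return sid

    def whoami(self, sid):
        row = self.store.lookup(sid)
        return None if row is None else (row["user"], row["role"])


def simulate(unique_ids):
    """An administrator logs in on server A, then an unprivileged user logs
    in on server B. Returns whether the two ids collided and which identity
    server B attaches to the second session."""
    store = SharedSessionStore()
    server_a = PortalServer("portal-A", store, unique_ids)
    server_b = PortalServer("portal-B", store, unique_ids)
    admin_sid = server_a.login("admin", "administrator")
    other_sid = server_b.login("mallory", "guest")
    return {
        "ids_collide": admin_sid == other_sid,
        "mallory_resolves_to": server_b.whoami(other_sid),
    }


if __name__ == "__main__":
    print("per-server counter ids:", simulate(unique_ids=False))
    print("random ids:            ", simulate(unique_ids=True))
```

With counter-based ids the guest logged in on portal-B resolves to the administrator's session; with random ids each login gets its own row. In a real audit of a shared-store deployment the equivalent check is to confirm that no two servers can ever produce the same session key, and that session rows are bound to the issuing server as well as the id.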

Affected Products

CA BrightStor Portal r11.1
CA CleverPath Aion BPM r10
CA CleverPath Aion BPM r10.1
CA CleverPath Aion BPM r10.2
CA CleverPath Portal r4.51
CA CleverPath Portal r4.7
CA CleverPath Portal r4.71
CA eTrust Security Command Center r1
CA eTrust Security Command Center r8
CA Unicenter Asset and Portfolio Management r11
CA Unicenter Database Management Portal r11
CA Unicenter Database Command Center r11.1
CA Unicenter Enterprise Job Manager r1 SP3
CA Unicenter Workload Control Center r1 SP4
CA Unicenter Management Portal r2.0
CA Unicenter Management Portal r3.1
CA Unicenter Management Portal r11.0

Solution

Update for CA BrightStor Portal r11.1 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84590

Update for CA CleverPath Aion BPM r10 :
ftp://ftp.ca.com/pub/portal/4.7/4.7.001_143_061031/4.7.001_143_061031_full.zip

Update for CA CleverPath Aion BPM r10.1 :
ftp://ftp.ca.com/pub/portal/4.7/4.7.001_143_061031/4.7.001_143_061031_full.zip

Update for CA CleverPath Aion BPM r10.2 :
ftp://ftp.ca.com/pub/portal/4.71/4.71.001_180_060928/4.71.001_180_060928_full.zip

Update for CA CleverPath Portal r4.51 :
ftp://ftp.ca.com/pub/portal/4.51/4.51.007/4.51.007_178_061023/4.51.007_178_061023_full.zip

Update for CA CleverPath Portal r4.7 :
ftp://ftp.ca.com/pub/portal/4.7/4.7.001_143_061031/4.7.001_143_061031_full.zip

Update for CA CleverPath Portal r4.71 :
ftp://ftp.ca.com/pub/portal/4.71/4.71.001_180_060928/4.71.001_180_060928_full.zip

Update for CA eTrust Security Command Center r1 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84025

Update for CA eTrust Security Command Center r8 :
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO84025

Update for CA Unicenter Asset and Portfolio Management r11 :
ftp://ftp.ca.com/pub/portal/4.7/4.7.001_143_061031/4.7.001_143_061031_full.zip

Update for CA Unicenter Database Management Portal r11 :
ftp://ftp.ca.com/pub/portal/4.51/4.51.007/4.51.007_178_061023/4.51.007_178_061023_full.zip

Update for CA Unicenter Database Command Center r11.1 :
ftp://ftp.ca.com/pub/portal/4.7/4.7.001_143_061031/4.7.001_143_061031_full.zip

Update for CA Unicenter Enterprise Job Manager r1 SP3 :
ftp://ftp.ca.com/pub/portal/4.51/4.51.007/4.51.007_178_061023/4.51.007_178_061023_full.zip

Update for CA Unicenter Workload Control Center r1 SP4 :
ftp://ftp.ca.com/pub/portal/4.71/4.71.001_180_060928/4.71.001_180_060928_full.zip

Update for CA Unicenter Management Portal r2.0 :
ftp://ftp.ca.com/pub/portal/3.51/3.51.001_20061005_00/3.51.001_20061005_00.zip

Update for CA Unicenter Management Portal r3.1 :
ftp://ftp.ca.com/pub/portal/4.51/4.51.007/4.51.007_181_061109/4.51.007_181_061109_full.zip

Update for CA Unicenter Management Portal r11.0 :
ftp://ftp.ca.com/pub/portal/4.7/4.7.001_144_061115/4.7.001_144_061115_full.zip

References

http://www.vupen.com/english/advisories/2006/5091
http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp

Credits

Vulnerability reported by the vendor

ChangeLog

2006-12-20 : Initial release

Copyright 2003-2009 © VUPEN.COM