14 lines
No EOL
874 B
Text
14 lines
No EOL
874 B
Text
source: https://www.securityfocus.com/bid/20139/info
|
|
|
|
CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including:
|
|
|
|
- an information-disclosure issue
|
|
- an arbitrary-file-deletion issue
|
|
- a replay issue.
|
|
|
|
These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols.
|
|
|
|
An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks.
|
|
|
|
The following command-line example will send a login-failure event:
|
|
etsapisend.exe -nod $dstIP -cat "System Access" -opr Logon -sta F -nam NT-Security -loc \\Domain\IIS_Server -usr System -evt 70 -src Security -nid 529 -inf "Logon Failure" |