N/A

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

N/A

N/A

CA CleverPath Portal和其他嵌入了Portal 环境会话劫持漏洞

CleverPath Portal是一个为员工、合作伙伴和客户进行个性化设置的电子商务工作环境。 CA CleverPath Portal和其他嵌入了Portal技术的CA解决方案中存在会话验证错误，远程攻击者可能利用此漏洞获取非授权访问。 在某些Portal服务器配置中，如果多个Portal服务器同时启动且共享同一数据存储的话，则通过一个Portal服务器连接的用户可以继承另一个Portal服务器上所运行用户的Portal会话和相关安全认证，获得非授权访问

N/A

N/A