Unrated severityNVD Advisory· Published Sep 22, 2006· Updated Apr 16, 2026

CVE-2006-4900

Description

Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.

Affected products

Broadcom Corporation/Etrust Security Command Center3 versions
cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:broadcom:etrust_security_command_center:8:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr1:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_security_command_center:8:sp1:cr2:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www3.ca.com/securityadvisor/vulninfo/vuln.aspxnvdPatchVendor Advisory
secunia.com/advisories/22023nvdExploitPatchVendor Advisory
users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txtnvdExploitPatchVendor Advisory
www.osvdb.org/29010nvdExploitPatch
www3.ca.com/securityadvisor/blogs/posting.aspxnvdExploitPatchVendor Advisory
securitytracker.com/idnvd
www.securityfocus.com/archive/1/446611/100/0/threadednvd
www.securityfocus.com/archive/1/446716/100/0/threadednvd
www.securityfocus.com/bid/20139nvd
www.vupen.com/english/advisories/2006/3738nvd
exchange.xforce.ibmcloud.com/vulnerabilities/29104nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000