CA eTrust Security Command Center and eTrust Audit Multiple Vulnerabilities

CA eTrust Security Command Center and eTrust Audit Multiple Vulnerabilities

CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including:

- an information-disclosure issue
- an arbitrary-file-deletion issue
- a replay issue.

These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols.

An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks.