CVE-2006-4991

medium

Description

RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a <LOG BLOCK> and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29068

https://exchange.xforce.ibmcloud.com/vulnerabilities/29065

http://www.securityfocus.com/bid/20136

http://www.securityfocus.com/archive/1/446742/100/0/threaded

http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049592.html

Details

Source: Mitre, NVD

Published: 2006-09-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00042