Lucene search

[email protected]CVE-2004-2436

HistoryAug 20, 2005 - 4:00 a.m.

CVE-2004-2436

2005-08-2004:00:00

[email protected]

web.nvd.nist.gov

computer associates

unicenter

common services

cve-2004-2436

password storage

privilege escalation

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Computer Associates Unicenter Common Services 3.0 and earlier stores the database “SA” password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.

Affected configurations

NVD

Node

broadcomcommon_servicesMatch1.0

broadcomcommon_servicesMatch1.1

broadcomcommon_servicesMatch2.0

broadcomcommon_servicesMatch2.1

broadcomcommon_servicesMatch2.2

broadcomcommon_servicesMatch3.0

broadcomunicenter_network_and_systems_managementMatch3.0

broadcomunicenter_serviceplus_service_deskMatch6.0

CPENameOperatorVersion
broadcom:common_servicesbroadcom common serviceseq1.0
broadcom:common_servicesbroadcom common serviceseq1.1
broadcom:common_servicesbroadcom common serviceseq2.0
broadcom:common_servicesbroadcom common serviceseq2.1
broadcom:common_servicesbroadcom common serviceseq2.2
broadcom:common_servicesbroadcom common serviceseq3.0
broadcom:unicenter_network_and_systems_managementbroadcom unicenter network and systems managementeq3.0
broadcom:unicenter_serviceplus_service_deskbroadcom unicenter serviceplus service deskeq6.0

CPE	Name	Operator	Version
broadcom:common_services	broadcom common services	eq	1.0
broadcom:common_services	broadcom common services	eq	1.1
broadcom:common_services	broadcom common services	eq	2.0
broadcom:common_services	broadcom common services	eq	2.1
broadcom:common_services	broadcom common services	eq	2.2
broadcom:common_services	broadcom common services	eq	3.0
broadcom:unicenter_network_and_systems_management	broadcom unicenter network and systems management	eq	3.0
broadcom:unicenter_serviceplus_service_desk	broadcom unicenter serviceplus service desk	eq	6.0

References

osvdb.org/displayvuln.php?osvdb_id=10408

secunia.com/advisories/12639/

securitytracker.com/id?1011468

www.securityfocus.com/bid/11277

exchange.xforce.ibmcloud.com/vulnerabilities/17562

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-2436

nvd1 cvelist1