Lucene search

[email protected]CVE-2006-0838

HistoryFeb 22, 2006 - 2:02 a.m.

CVE-2006-0838

2006-02-2202:02:00

[email protected]

web.nvd.nist.gov

ibm

tivoli

micromuse

netcool

neusecure

cleartext passwords

local privilege escalation

cve-2006-0838

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.

Affected configurations

NVD

Node

micromusenetcool_neusecureMatch3.0.236

CPENameOperatorVersion
micromuse:netcool_neusecuremicromuse netcool neusecureeq3.0.236

CPE	Name	Operator	Version
micromuse:netcool_neusecure	micromuse netcool neusecure	eq	3.0.236

References

archives.neohapsis.com/archives/fulldisclosure/2006-02/0364.html

secunia.com/advisories/18922

securitytracker.com/id?1015642

www.osvdb.org/23270

www.osvdb.org/23271

www.securityfocus.com/archive/1/425304/100/0/threaded

www.securityfocus.com/bid/16693

www.securityfocus.com/bid/16698

exchange.xforce.ibmcloud.com/vulnerabilities/24785

exchange.xforce.ibmcloud.com/vulnerabilities/24787

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-0838

prion1 nvd1 cvelist1