5 matches found
Design/Logic Flaw
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these...
Code injection
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for 1 /etc/neusecure.conf, 2 /opt/NeuSecure/etc/cms-3.0.236.buildconf, and 3 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
Code injection
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the 1 CMSDBPASS, 2 CMSMDBPASS, and 3 RPTDBPASS fields in /etc/neusecure.conf, and in 4 /opt/NeuSecure/bin/nsarchiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix i...