4 matches found
CVE-2006-1210
The CVE-2006-1210 issue affects IBM Tivoli Netcool/NeuSecure 3.0.236, where the web interface stores the MySQL username and password in cleartext within body.phtml, allowing remote attackers to gain privileges by reading the source. Root cause: credentials exposed in the web page source. Impact: ...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 is vulnerable: it configures a MySQL database to allow connections from any source IP address using the ns account, enabling remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. The note indica...
CVE-2006-0838
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in /etc/neusecure.conf (CMS_DBPASS, CMSM_DBPASS, RPT_DBPASS) and in /opt/NeuSecure/bin/ns_archiver.log, enabling local users to gain privileges. The issue is a configuration/password storage vulnerability affecting local pr...
CVE-2006-0837
Affected product: IBM Tivoli Netcool/NeuSecure 3.0.236. Issue: world-readable permissions on (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, enabling local users to read sensitive information such as passwords. Impact: local infor...