CVE-2006-1210
- EPSS 0.85%
- Veröffentlicht 14.03.2006 01:06:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confir...
CVE-2006-1211
- EPSS 0.31%
- Veröffentlicht 14.03.2006 01:06:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unaut...
CVE-2006-0837
- EPSS 0.06%
- Veröffentlicht 22.02.2006 02:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive informatio...
CVE-2006-0838
- EPSS 0.07%
- Veröffentlicht 22.02.2006 02:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privil...