Vulnerabilities > Micromuse

DATE CVE VULNERABILITY TITLE RISK
2006-03-14 CVE-2006-1211 SQL-Injection vulnerability in Micromuse Netcool Neusecure 3.0.236
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions.
network
low complexity
micromuse
7.5
2006-03-14 CVE-2006-1210 Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source.
network
low complexity
micromuse
7.5
2006-02-22 CVE-2006-0838 Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges.
local
low complexity
micromuse
2.1
2006-02-22 CVE-2006-0837 Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords.
local
low complexity
micromuse
2.1