Vulnerabilities > Micromuse
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-14 | CVE-2006-1211 | SQL-Injection vulnerability in Micromuse Netcool Neusecure 3.0.236 IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. | 7.5 |
2006-03-14 | CVE-2006-1210 | Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236 The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. | 7.5 |
2006-02-22 | CVE-2006-0838 | Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236 IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. | 2.1 |
2006-02-22 | CVE-2006-0837 | Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236 IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. | 2.1 |