Configuration Flaw in Computer Associates Unicenter Common Services
CVE-2004-2436

Currently unrated

Key Information:

Vendor: Broadcom
Status: Common Services; Unicenter Network And Systems Management; Unicenter Serviceplus Service Desk
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2436?

Computer Associates Unicenter Common Services versions 3.0 and earlier have a significant security flaw where the 'SA' database password is stored in plaintext in the TndAddNspTmp.bat file. This exposure enables local users to access sensitive information, potentially leading to unauthorized privilege escalation within the system. Mitigation strategies should involve securing the password storage and ensuring that sensitive information is not stored in an easily accessible format.

References

http://osvdb.org/displayvuln.php?osvdb_id=10408

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/12639/

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1011468

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Aug 20, 2005
Vulnerability published
Dec 31, 2004

Broadcom

What is CVE-2004-2436?

References

Timeline