PT-2004-3328 · Computer Associates · Unicenter Common Services

Published

2004-12-31

Updated

2021-04-14

CVE-2004-2436

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Computer Associates Unicenter Common Services versions 3.0 and earlier

Description: The issue allows local users to gain privileges because the database "SA" password is stored in cleartext in the TndAddNspTmp.bat file.

Recommendations: For versions 3.0 and earlier, consider removing or securing access to the TndAddNspTmp.bat file to prevent unauthorized users from obtaining the database "SA" password.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2436

Affected Products

Unicenter Common Services

PT-2004-3328 · Computer Associates · Unicenter Common Services

CVE-2004-2436

Related Identifiers

Affected Products

References · 6