[原文]IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
Netcool/NeuSecure contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by reading the /etc/neusecure.conf configuration file, which may lead to a loss of confidentiality. The files are readable by any user on the system by default.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.