EMC Smarts Network Configuration Manager Database Authentication Bypass Vulnerability
EMC Smarts Network Configuration Manager (NCM) all versions prior 9.1
Two vulnerabilities were reported in EMC Smarts Network Configuration Manager.
The systems uses a hard-coded key to encrypt authentication credentials on the target system [CVE-2012-4615]. A local user with knowledge of the key can access the credentials.
A remote user can connect to the target Network Configuration Manager (NCM) database [CVE-2012-4614].
A remote user can connect to the target database.
A local user can obtain passwords.
This fix also includes security updates for Apache Tomcat and JBOSS.