IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability

IBM Tivoli Business Service Manager NCISETUP.DB and MSI.LOG Password Disclosure Vulnerability

IBM Tivoli Business Service Manager is prone to a local password-disclosure vulnerability that arises because of a design error.

A successful attack can allow a local attacker to gain access to various unencrypted passwords, potentially allowing them to access the application in an unauthorized manner.

IBM Tivoli Business Service Manager 4.1 is reported vulnerable to this issue; other versions could be affected as well.