CVE-2006-3732
published 2006-07-21CVE-2006-3732: Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and…
PriorityP418medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.33%
67.5th percentile
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cs-mars | — | — |
| cisco | cs-mars | — | — |
| cisco | cs-mars | — | — |
| cisco | cs-mars | — | — |
| cisco | security_monitoring_analysis_and | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4jwm-69fq-5hpg: Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4
ghsa_unreviewed·2022-05-01
CVE-2006-3732 [MEDIUM] GHSA-4jwm-69fq-5hpg: Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.
Cisco
Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
vendor_cisco·2006-07-19
CVE-2006-3732 CWE-200 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Cisco Security Monitoring, Analysis and Response System (CS-MARS)
software contains vulnerabilities related to third-party software and the
command line interface (CLI).
CS-MARS ships with an Oracle database. The database contains several
default Oracle accounts which have well-known passwords. If access to the
database is obtained, the default accounts may be used to access sensitive
information contained in the database.
CS-MARS ships with the JBoss web application server. A component of
the JBoss installation may allow a remote, unauthenticated user to execute
arbitrary shell commands with the privileges of the CS-MARS
administrator.
The CS-MARS CLI contains several vulnerabilities which
Cisco
Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
vendor_cisco
CVE-2006-3732 Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
CVE-2006-3732: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains vulnerabilities related to third-party software and the command line interface (CLI). CS-MARS ships with an Oracle database. The database contains several default Oracle accounts which have well-known passwords. If access to the database is obtained, the default accounts may be used to access sensitive information contained in the database. CS-MARS ships with the JBoss web application server. A component of the JBoss installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of the CS-MARS administrator. The CS-MARS CLI contains several vulnerabiliti
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/21118http://securitytracker.com/id?1016537http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtmlhttp://www.securityfocus.com/bid/19071http://www.securityfocus.com/bid/19073http://www.vupen.com/english/advisories/2006/2887https://exchange.xforce.ibmcloud.com/vulnerabilities/27810http://secunia.com/advisories/21118http://securitytracker.com/id?1016537http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtmlhttp://www.securityfocus.com/bid/19071http://www.securityfocus.com/bid/19073http://www.vupen.com/english/advisories/2006/2887https://exchange.xforce.ibmcloud.com/vulnerabilities/27810
2006-07-21
Published