Database passwords are stored unencrypted in cleartext, log files access, unauthorized MBean access, cleartext password logged on password change, etc.
vulners.com/securityvulns/securityvulns:doc:11169
vulners.com/securityvulns/securityvulns:doc:11170
vulners.com/securityvulns/securityvulns:doc:11171