Information Disclosure in IBM PowerVC Due to Cleartext Passwords
CVE-2014-3093

Currently unrated

Key Information:

Vendor: IBM
Status: Powervc
Vendor: CVE Published:; 29 August 2014

Summary

IBM PowerVC versions prior to FP3 for 1.2.0 and FP2 for 1.2.1 are susceptible to an information disclosure vulnerability caused by the storage of sensitive data in cleartext. This security flaw affects multiple components, including api-paste.ini, debug logs, and configuration files. Local users can exploit this vulnerability by executing certain commands or accessing files, enabling them to obtain confidential information, thereby posing a significant risk to the integrity and confidentiality of the system.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020242

x_refsource_CONFIRM

http://www.securityfocus.com/bid/69437

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/94259

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 29, 2014
Vulnerability Reserved
Apr 29, 2014