FTP Credential Leak in IBM PowerVC Express Edition
CVE-2014-4750

Currently unrated

Key Information:

Vendor: IBM
Status: Powervc
Vendor: CVE Published:; 20 August 2014

Summary

IBM PowerVC Express Edition versions prior to FixPack3 have a vulnerability where an FTP session is established for file transfers to managed IVM instances. This insecure implementation allows attackers to potentially intercept and discover sensitive credentials through network sniffing, posing a serious risk to data integrity and system security. Organizations using this version should apply the necessary patches to mitigate the risk associated with unauthorized access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/94352

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223

x_refsource_CONFIRM

http://www.securityfocus.com/bid/69299

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 20, 2014
Vulnerability Reserved
Jul 9, 2014