Access Token Exposure in IBM PowerVC Management Tools
CVE-2015-0136

Currently unrated

Key Information:

Vendor: IBM
Status: Powervc
Vendor: CVE Published:; 24 March 2015

Summary

The vulnerability in IBM PowerVC affects versions 1.2.0.x prior to 1.2.0.4 and 1.2.1.x prior to 1.2.2, where an access token is exposed on the command line during the management of IVM and PowerKVM. This exposure allows local users to retrieve sensitive information by simply listing the processes, thereby compromising system integrity and confidentiality.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020608

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 24, 2015
Vulnerability Reserved
Nov 18, 2014