Sensitive Information Disclosure in IBM General Parallel File System
CVE-2015-1890

Currently unrated

Key Information:

Vendor: IBM
Status: General Parallel File System
Vendor: CVE Published:; 6 April 2015

What is CVE-2015-1890?

IBM General Parallel File System (GPFS) versions prior to 4.1.0.7 may unintentionally create an archive via the 'gpfs.snap' command that contains cleartext keys. This situation is exacerbated by the absence of warnings to users regarding the review of this archive, which may contain sensitive information. If exploited by remote attackers with access to specific data streams, this vulnerability can lead to unauthorized exposure of key data, potentially compromising system and data integrity.

References

http://www.securityfocus.com/bid/73918

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=isg3T1022077

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2015
Vulnerability Reserved
Feb 19, 2015