CVE-2015-1937

Currently unrated

Key Information:

Vendor
IBM
Status
Powervc
Vendor
CVE Published:
30 May 2015

Summary

IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731
x_refsource_CONFIRM
http://www.securityfocus.com/bid/74911
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806
vendor-advisoryx_refsource_AIXAPAR

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.