No Authentication Vulnerability in IBM PowerVC Products
CVE-2015-1937

Currently unrated

Key Information:

Vendor: IBM
Status: Powervc
Vendor: CVE Published:; 30 May 2015

What is CVE-2015-1937?

Certain versions of IBM PowerVC lack proper authentication for the ceilometer NoSQL database, exposing sensitive data and allowing unauthorized users to read and write arbitrary database records. This loophole could potentially enable an attacker to gain administrator privileges through a simple connection to port 27017, posing a significant security risk to data integrity and system governance.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74911

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806

vendor-advisoryx_refsource_AIXAPAR

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2015
Vulnerability Reserved
Feb 19, 2015