CVE-2015-1950

Currently unrated

Key Information:

Vendor: IBM
Status: Powervc
Vendor: CVE Published:; 1 July 2015

Summary

IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740

x_refsource_CONFIRM

http://www.securityfocus.com/bid/75102

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Jul 1, 2015
Vulnerability Reserved
Feb 19, 2015