Authentication Bypass in IBM PowerVC Standard Edition
CVE-2015-1950

Currently unrated

Key Information:

Vendor: IBM
Status: Powervc
Vendor: CVE Published:; 1 July 2015

What is CVE-2015-1950?

IBM PowerVC Standard Edition versions 1.2.2.1 through 1.2.2.2 have a vulnerability that allows KVM guest OS users to bypass authentication measures. This is possible due to the Python interpreter being accessible without authentication, potentially exposing sensitive PowerVC credentials. This flaw could enable unauthorized users to execute code that reveals critical information and compromises system integrity.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740

x_refsource_CONFIRM

http://www.securityfocus.com/bid/75102

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926

vendor-advisoryx_refsource_AIXAPAR

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 1, 2015
Vulnerability Reserved
Feb 19, 2015