Authentication Bypass in IBM PowerVC Standard Edition
CVE-2015-1950

Currently unrated

Key Information:

Vendor
IBM
Status
Powervc
Vendor
CVE Published:
1 July 2015

Summary

IBM PowerVC Standard Edition versions 1.2.2.1 through 1.2.2.2 have a vulnerability that allows KVM guest OS users to bypass authentication measures. This is possible due to the Python interpreter being accessible without authentication, potentially exposing sensitive PowerVC credentials. This flaw could enable unauthorized users to execute code that reveals critical information and compromises system integrity.

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740
x_refsource_CONFIRM
http://www.securityfocus.com/bid/75102
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926
vendor-advisoryx_refsource_AIXAPAR

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.