7.5

CVE-2015-1937

IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.

Data is provided by the National Vulnerability Database (NVD)
IbmPowervc Version1.2.0.0 SwEditionexpress
IbmPowervc Version1.2.0.0 SwEditionstandard
IbmPowervc Version1.2.0.1 SwEditionexpress
IbmPowervc Version1.2.0.1 SwEditionstandard
IbmPowervc Version1.2.0.2 SwEditionexpress
IbmPowervc Version1.2.0.2 SwEditionstandard
IbmPowervc Version1.2.0.3 SwEditionexpress
IbmPowervc Version1.2.0.3 SwEditionstandard
IbmPowervc Version1.2.0.4 SwEditionexpress
IbmPowervc Version1.2.0.4 SwEditionstandard
IbmPowervc Version1.2.1.0 SwEditionexpress
IbmPowervc Version1.2.1.0 SwEditionstandard
IbmPowervc Version1.2.1.1 SwEditionexpress
IbmPowervc Version1.2.1.2 SwEditionexpress
IbmPowervc Version1.2.1.2 SwEditionstandard
IbmPowervc Version1.2.2.0 SwEditionexpress
IbmPowervc Version1.2.2.0 SwEditionstandard
IbmPowervc Version1.2.2.1 SwEditionexpress
IbmPowervc Version1.2.2.1 SwEditionstandard
IbmPowervc Version1.2.2.2 SwEditionexpress
IbmPowervc Version1.2.2.2 SwEditionstandard
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.77% 0.712
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.