7.5

CVE-2015-1937

IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmPowervc Version1.2.0.0 SwEditionexpress
IbmPowervc Version1.2.0.0 SwEditionstandard
IbmPowervc Version1.2.0.1 SwEditionexpress
IbmPowervc Version1.2.0.1 SwEditionstandard
IbmPowervc Version1.2.0.2 SwEditionexpress
IbmPowervc Version1.2.0.2 SwEditionstandard
IbmPowervc Version1.2.0.3 SwEditionexpress
IbmPowervc Version1.2.0.3 SwEditionstandard
IbmPowervc Version1.2.0.4 SwEditionexpress
IbmPowervc Version1.2.0.4 SwEditionstandard
IbmPowervc Version1.2.1.0 SwEditionexpress
IbmPowervc Version1.2.1.0 SwEditionstandard
IbmPowervc Version1.2.1.1 SwEditionexpress
IbmPowervc Version1.2.1.2 SwEditionexpress
IbmPowervc Version1.2.1.2 SwEditionstandard
IbmPowervc Version1.2.2.0 SwEditionexpress
IbmPowervc Version1.2.2.0 SwEditionstandard
IbmPowervc Version1.2.2.1 SwEditionexpress
IbmPowervc Version1.2.2.1 SwEditionstandard
IbmPowervc Version1.2.2.2 SwEditionexpress
IbmPowervc Version1.2.2.2 SwEditionstandard
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.77% 0.712
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.