1. Home
  2. CVE Database
  3. CVE-2015-0136
LOW · 2.1

CVE-2015-0136

powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sens...

Vulnerability Description

powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IbmPowervc1.2.0.0

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2015-0136?

CVE-2015-0136 is a vulnerability with a CVSS score of 2.1 (LOW). powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sens...

How severe is CVE-2015-0136?

CVE-2015-0136 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0136?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Powervc.