Vulnerability Description
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Powervc | 1.2.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806
- http://www.securityfocus.com/bid/74911
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731PatchVendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806
- http://www.securityfocus.com/bid/74911
FAQ
What is CVE-2015-1937?
CVE-2015-1937 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or wr...
How severe is CVE-2015-1937?
CVE-2015-1937 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1937?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Powervc.