Vulnerability Description
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Powervc | 1.2.2.1 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926
- http://www.securityfocus.com/bid/75102
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926
- http://www.securityfocus.com/bid/75102
FAQ
What is CVE-2015-1950?
CVE-2015-1950 is a vulnerability with a CVSS score of 4.6 (MEDIUM). IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain Pow...
How severe is CVE-2015-1950?
CVE-2015-1950 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1950?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Powervc.