Vulnerability Description
CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | PowerHA SystemMirror | All versions |
| IBM | AIX | 6.1 |
Related Weaknesses (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV76943
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV76946
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV77007
- http://www.securityfocus.com/bid/76948
FAQ
What is CVE-2015-5005?
CVE-2015-5005 is a vulnerability with a CVSS score of 8.5 (HIGH). CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list.
How severe is CVE-2015-5005?
CVE-2015-5005 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-5005?
Check the references section above for vendor advisories and patch information. Affected products include: IBM PowerHA SystemMirror, IBM AIX.