2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2015-1937" ,
"sourceIdentifier" : "psirt@us.ibm.com" ,
"published" : "2015-05-30T19:59:02.740" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T02:26:26.420" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017."
} ,
{
"lang" : "es" ,
"value" : "IBM PowerVC 1.2.0.x hasta 1.2.0.4, 1.2.1.x hasta 1.2.1.2, y 1.2.2.x hasta 1.2.2.2 no requiere autenticaci\u00f3n para la base de datos del NoSQL ciel\u00f3metro, lo que permite a atacantes remotos leer o escribir en registros arbitrarios de la base de datos, y como consecuencia obtener privilegios administrativos, a trav\u00e9s de una sesi\u00f3n en el puerto 27017."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.5 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "PARTIAL"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-284"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "F235BE09-8C8A-47DB-8FEB-1DB75B033143"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "588EBB92-23C4-425B-9093-F776323B05F3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "603F587A-2B4B-4FCD-B0AD-EE07553CB485"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "AB78B5FF-E4F3-483D-A3BF-F2E2ED997DEF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "68534B6C-B5EC-4F62-AF41-DDCE3C10ACBD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "C1626D53-458F-4EE2-9CA5-EFF2B819B5CB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "C9C4784D-B903-461C-9B50-0BD8BBE1FF41"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "12201638-3C87-480B-A5A1-371A1FB37056"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "8AD60B84-BA59-4E27-9C77-DE7091C893DC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "15A5BFD7-C09D-4636-88EB-ACAD7EB08197"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "94DE7F8F-4A36-4A95-8E3E-0327CF37D5DD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "0AEECF0E-682F-49A4-B54A-825F3EBF06F6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.1.1:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "BE08D50D-FCEA-4619-A695-C00871A335F8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "A8115E03-8219-4F50-9984-EBBFE543112B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "2EADAFFB-D320-493C-96CB-4563A1EA0215"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "6CAE632C-E7A1-49CC-9849-8909B45392D0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "1D9515B2-1C8F-47D6-831B-8FF53286A557"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "2418F07A-06DD-4738-B0F4-915237B07CC9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "30A4C793-22FE-43AC-9118-D6EFCA23F384"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:express:*:*:*" ,
"matchCriteriaId" : "9479EFDE-AAC2-4271-B423-7E50F1CA153C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:standard:*:*:*" ,
"matchCriteriaId" : "10BF0C56-B240-428C-9D3F-5A0E0D2D4B3B"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731" ,
"source" : "psirt@us.ibm.com" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806" ,
"source" : "psirt@us.ibm.com"
} ,
{
"url" : "http://www.securityfocus.com/bid/74911" ,
"source" : "psirt@us.ibm.com"
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.securityfocus.com/bid/74911" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
2023-04-24 12:24:31 +02:00
}
]
}
