{ "id": "CVE-2015-1937", "sourceIdentifier": "psirt@us.ibm.com", "published": "2015-05-30T19:59:02.740", "lastModified": "2016-11-30T03:00:10.433", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017." }, { "lang": "es", "value": "IBM PowerVC 1.2.0.x hasta 1.2.0.4, 1.2.1.x hasta 1.2.1.2, y 1.2.2.x hasta 1.2.2.2 no requiere autenticaci\u00f3n para la base de datos del NoSQL ciel\u00f3metro, lo que permite a atacantes remotos leer o escribir en registros arbitrarios de la base de datos, y como consecuencia obtener privilegios administrativos, a trav\u00e9s de una sesi\u00f3n en el puerto 27017." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-284" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:express:*:*:*", "matchCriteriaId": "F235BE09-8C8A-47DB-8FEB-1DB75B033143" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:standard:*:*:*", "matchCriteriaId": "588EBB92-23C4-425B-9093-F776323B05F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:express:*:*:*", "matchCriteriaId": "603F587A-2B4B-4FCD-B0AD-EE07553CB485" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:standard:*:*:*", "matchCriteriaId": "AB78B5FF-E4F3-483D-A3BF-F2E2ED997DEF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:express:*:*:*", "matchCriteriaId": "68534B6C-B5EC-4F62-AF41-DDCE3C10ACBD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:standard:*:*:*", "matchCriteriaId": "C1626D53-458F-4EE2-9CA5-EFF2B819B5CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:express:*:*:*", "matchCriteriaId": "C9C4784D-B903-461C-9B50-0BD8BBE1FF41" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:standard:*:*:*", "matchCriteriaId": "12201638-3C87-480B-A5A1-371A1FB37056" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:express:*:*:*", "matchCriteriaId": "8AD60B84-BA59-4E27-9C77-DE7091C893DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:standard:*:*:*", "matchCriteriaId": "15A5BFD7-C09D-4636-88EB-ACAD7EB08197" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:express:*:*:*", "matchCriteriaId": "94DE7F8F-4A36-4A95-8E3E-0327CF37D5DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:standard:*:*:*", "matchCriteriaId": "0AEECF0E-682F-49A4-B54A-825F3EBF06F6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.1:*:*:*:express:*:*:*", "matchCriteriaId": "BE08D50D-FCEA-4619-A695-C00871A335F8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:express:*:*:*", "matchCriteriaId": "A8115E03-8219-4F50-9984-EBBFE543112B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:standard:*:*:*", "matchCriteriaId": "2EADAFFB-D320-493C-96CB-4563A1EA0215" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:express:*:*:*", "matchCriteriaId": "6CAE632C-E7A1-49CC-9849-8909B45392D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:standard:*:*:*", "matchCriteriaId": "1D9515B2-1C8F-47D6-831B-8FF53286A557" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:express:*:*:*", "matchCriteriaId": "2418F07A-06DD-4738-B0F4-915237B07CC9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:standard:*:*:*", "matchCriteriaId": "30A4C793-22FE-43AC-9118-D6EFCA23F384" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:express:*:*:*", "matchCriteriaId": "9479EFDE-AAC2-4271-B423-7E50F1CA153C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:standard:*:*:*", "matchCriteriaId": "10BF0C56-B240-428C-9D3F-5A0E0D2D4B3B" } ] } ] } ], "references": [ { "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731", "source": "psirt@us.ibm.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806", "source": "psirt@us.ibm.com" }, { "url": "http://www.securityfocus.com/bid/74911", "source": "psirt@us.ibm.com" } ] }