Vulnerability Details CVE-2015-1937
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806
- http://www.securityfocus.com/bid/74911
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806
- http://www.securityfocus.com/bid/74911
Products affected by CVE-2015-1937
-
cpe:2.3:a:ibm:powervc:1.2.0.0
-
cpe:2.3:a:ibm:powervc:1.2.0.1
-
cpe:2.3:a:ibm:powervc:1.2.0.2
-
cpe:2.3:a:ibm:powervc:1.2.0.3
-
cpe:2.3:a:ibm:powervc:1.2.0.4
-
cpe:2.3:a:ibm:powervc:1.2.1.0
-
cpe:2.3:a:ibm:powervc:1.2.1.1
-
cpe:2.3:a:ibm:powervc:1.2.1.2
-
cpe:2.3:a:ibm:powervc:1.2.2.0
-
cpe:2.3:a:ibm:powervc:1.2.2.1
-
cpe:2.3:a:ibm:powervc:1.2.2.2