What is the severity of CVE-2015-1890?

CVE-2015-1890 is classified as a medium severity vulnerability due to the risk of exposing sensitive information.

How do I fix CVE-2015-1890?

You can mitigate CVE-2015-1890 by upgrading IBM General Parallel File System to version 4.1.0.7 or later.

What vulnerabilities does CVE-2015-1890 expose?

CVE-2015-1890 exposes the risk of remote attackers obtaining sensitive information due to cleartext keys in the archive.

Does CVE-2015-1890 affect all versions of IBM GPFS?

CVE-2015-1890 specifically affects IBM GPFS version 4.1 prior to version 4.1.0.7.

Is there a warning included in the CVE-2015-1890 snapshot tool?

CVE-2015-1890 lacks a warning about reviewing the generated archive for sensitive cleartext keys.

Vulnerability/
CVE-2015-1890

low

3.5

CWE

200

6/4/2015

4/8/2016

CVE-2015-1890: Infoleak

First published: Mon Apr 06 2015(Updated: )

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM General Parallel File System	=4.1

Remedy

http://www.ibm.com/support/docview.wss?uid=isg3T1022077

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-1890?
CVE-2015-1890 is classified as a medium severity vulnerability due to the risk of exposing sensitive information.
How do I fix CVE-2015-1890?
You can mitigate CVE-2015-1890 by upgrading IBM General Parallel File System to version 4.1.0.7 or later.
What vulnerabilities does CVE-2015-1890 expose?
CVE-2015-1890 exposes the risk of remote attackers obtaining sensitive information due to cleartext keys in the archive.
Does CVE-2015-1890 affect all versions of IBM GPFS?
CVE-2015-1890 specifically affects IBM GPFS version 4.1 prior to version 4.1.0.7.
Is there a warning included in the CVE-2015-1890 snapshot tool?
CVE-2015-1890 lacks a warning about reviewing the generated archive for sensitive cleartext keys.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/tags
agent/event
agent/description
vendor/ibm
canonical/ibm general parallel file system
version/ibm general parallel file system/4.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2015-1890?
CVE-2015-1890 is classified as a medium severity vulnerability due to the risk of exposing sensitive information.
How do I fix CVE-2015-1890?
You can mitigate CVE-2015-1890 by upgrading IBM General Parallel File System to version 4.1.0.7 or later.
What vulnerabilities does CVE-2015-1890 expose?
CVE-2015-1890 exposes the risk of remote attackers obtaining sensitive information due to cleartext keys in the archive.
Does CVE-2015-1890 affect all versions of IBM GPFS?
CVE-2015-1890 specifically affects IBM GPFS version 4.1 prior to version 4.1.0.7.
Is there a warning included in the CVE-2015-1890 snapshot tool?
CVE-2015-1890 lacks a warning about reviewing the generated archive for sensitive cleartext keys.