First published: Sat May 30 2015(Updated: )
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM PowerVC | =1.2.0.0 | |
IBM PowerVC | =1.2.0.0 | |
IBM PowerVC | =1.2.0.1 | |
IBM PowerVC | =1.2.0.1 | |
IBM PowerVC | =1.2.0.2 | |
IBM PowerVC | =1.2.0.2 | |
IBM PowerVC | =1.2.0.3 | |
IBM PowerVC | =1.2.0.3 | |
IBM PowerVC | =1.2.0.4 | |
IBM PowerVC | =1.2.0.4 | |
IBM PowerVC | =1.2.1.0 | |
IBM PowerVC | =1.2.1.0 | |
IBM PowerVC | =1.2.1.1 | |
IBM PowerVC | =1.2.1.2 | |
IBM PowerVC | =1.2.1.2 | |
IBM PowerVC | =1.2.2.0 | |
IBM PowerVC | =1.2.2.0 | |
IBM PowerVC | =1.2.2.1 | |
IBM PowerVC | =1.2.2.1 | |
IBM PowerVC | =1.2.2.2 | |
IBM PowerVC | =1.2.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.