exploitDog

CVE-2015-1890

Опубликовано: 06 апр. 2015

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

Ссылки

http://www.ibm.com/support/docview.wss?uid=isg3T1022077
Patch
Vendor Advisory
http://www.securityfocus.com/bid/73918
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=isg3T1022077
Patch
Vendor Advisory
http://www.securityfocus.com/bid/73918
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:general_parallel_file_system:4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00152

Низкий

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-8w4f-3765-r94w

github

больше 3 лет назад

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

EPSS

Процентиль: 36%

0.00152

Низкий

3.5 Low

CVSS2

Дефекты

CWE-200