Description
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.1.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:express:*:*:*
cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:standard:*:*:*
EPSS: 0.00769 (Low), percentile: 73%
CVSS2: 7.5 High
Weaknesses
CWE-284
Related vulnerabilities
github
more than 3 years ago
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.