Описание
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:standard:*:*:*
cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:standard:*:*:*
EPSS
Процентиль: 23%
0.00075
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.
EPSS
Процентиль: 23%
0.00075
Низкий
4.6 Medium
CVSS2
Дефекты
CWE-255