CVE-2015-1937

{"id": "CVE-2015-1937", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-30T19:59:02.740", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806", "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/74911", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/74911", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017."}, {"lang": "es", "value": "IBM PowerVC 1.2.0.x hasta 1.2.0.4, 1.2.1.x hasta 1.2.1.2, y 1.2.2.x hasta 1.2.2.2 no requiere autenticaci\u00f3n para la base de datos del NoSQL ciel\u00f3metro, lo que permite a atacantes remotos leer o escribir en registros arbitrarios de la base de datos, y como consecuencia obtener privilegios administrativos, a trav\u00e9s de una sesi\u00f3n en el puerto 27017."}], "lastModified": "2024-11-21T02:26:26.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "F235BE09-8C8A-47DB-8FEB-1DB75B033143"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "588EBB92-23C4-425B-9093-F776323B05F3"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "603F587A-2B4B-4FCD-B0AD-EE07553CB485"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "AB78B5FF-E4F3-483D-A3BF-F2E2ED997DEF"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "68534B6C-B5EC-4F62-AF41-DDCE3C10ACBD"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "C1626D53-458F-4EE2-9CA5-EFF2B819B5CB"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "C9C4784D-B903-461C-9B50-0BD8BBE1FF41"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.3:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "12201638-3C87-480B-A5A1-371A1FB37056"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD60B84-BA59-4E27-9C77-DE7091C893DC"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.0.4:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "15A5BFD7-C09D-4636-88EB-ACAD7EB08197"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "94DE7F8F-4A36-4A95-8E3E-0327CF37D5DD"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "0AEECF0E-682F-49A4-B54A-825F3EBF06F6"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.1.1:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "BE08D50D-FCEA-4619-A695-C00871A335F8"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "A8115E03-8219-4F50-9984-EBBFE543112B"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.1.2:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "2EADAFFB-D320-493C-96CB-4563A1EA0215"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "6CAE632C-E7A1-49CC-9849-8909B45392D0"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.2.0:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "1D9515B2-1C8F-47D6-831B-8FF53286A557"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "2418F07A-06DD-4738-B0F4-915237B07CC9"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "30A4C793-22FE-43AC-9118-D6EFCA23F384"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:express:*:*:*", "vulnerable": true, "matchCriteriaId": "9479EFDE-AAC2-4271-B423-7E50F1CA153C"}, {"criteria": "cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "10BF0C56-B240-428C-9D3F-5A0E0D2D4B3B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}