IBM PowerVC 1.2.0.x up to and including 1.2.0.4, 1.2.1.x up to and including 1.2.1.2, and 1.2.2.x up to and including 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote malicious users to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm powervc 1.2.0.0 |
||
ibm powervc 1.2.0.3 |
||
ibm powervc 1.2.0.4 |
||
ibm powervc 1.2.2.0 |
||
ibm powervc 1.2.0.2 |
||
ibm powervc 1.2.1.2 |
||
ibm powervc 1.2.0.1 |
||
ibm powervc 1.2.1.0 |
||
ibm powervc 1.2.2.1 |
||
ibm powervc 1.2.1.1 |
||
ibm powervc 1.2.2.2 |