CVE-2015-0136

IBM PowerVC 1.2.0.x-1.2.0.3 and 1.2.1.x-1.2.1.x - Exposure of Sensitive Information via Command Line Token

Title source: llm
STIX 2.1

Description

powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.

References (1)

Core 1
Core References

Scores

EPSS 0.0041
EPSS Percentile 32.8%

Details

CWE
CWE-200
Status published
Products (6)
ibm/powervc 1.2.0.0 (2 CPE variants)
ibm/powervc 1.2.0.1 (2 CPE variants)
ibm/powervc 1.2.0.2 (2 CPE variants)
ibm/powervc 1.2.0.3 (2 CPE variants)
ibm/powervc 1.2.1.0 (2 CPE variants)
ibm/powervc 1.2.1.1 (2 CPE variants)
Published Mar 24, 2015
Tracked Since Feb 18, 2026