CVE-2015-0136
IBM PowerVC 1.2.0.x-1.2.0.3 and 1.2.1.x-1.2.1.x - Exposure of Sensitive Information via Command Line Token
Title source: llmDescription
powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020608
Scores
EPSS
0.0041
EPSS Percentile
32.8%
Details
CWE
CWE-200
Status
published
Products (6)
ibm/powervc
1.2.0.0 (2 CPE variants)
ibm/powervc
1.2.0.1 (2 CPE variants)
ibm/powervc
1.2.0.2 (2 CPE variants)
ibm/powervc
1.2.0.3 (2 CPE variants)
ibm/powervc
1.2.1.0 (2 CPE variants)
ibm/powervc
1.2.1.1 (2 CPE variants)
Published
Mar 24, 2015
Tracked Since
Feb 18, 2026