CVE-2015-1937
IBM PowerVC 1.2.0.x-1.2.0.4, 1.2.1.x-1.2.1.2, 1.2.2.x-1.2.2.2 - Unauthenticated NoSQL Database Access via Port 27017
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
References (3)
Patch, Vendor Advisory (x_refsource_confirm): http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/74911
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806
Scores
EPSS: 0.0166
EPSS Percentile: 73.8%
Details
CWE: CWE-284
Status: published
Products (11)
ibm/powervc 1.2.0.0 (2 CPE variants)
ibm/powervc 1.2.0.1 (2 CPE variants)
ibm/powervc 1.2.0.2 (2 CPE variants)
ibm/powervc 1.2.0.3 (2 CPE variants)
ibm/powervc 1.2.0.4 (2 CPE variants)
ibm/powervc 1.2.1.0 (2 CPE variants)
ibm/powervc 1.2.1.1
ibm/powervc 1.2.1.2 (2 CPE variants)
ibm/powervc 1.2.2.0 (2 CPE variants)
ibm/powervc 1.2.2.1 (2 CPE variants)
... and 1 more
Published: May 30, 2015
Tracked Since: Feb 18, 2026