CVE-2015-1937

IBM PowerVC 1.2.0.x-1.2.0.4, 1.2.1.x-1.2.1.2, 1.2.2.x-1.2.2.2 - Unauthenticated NoSQL Database Access via Port 27017

Title source: llm

Description

IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.

References (3)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74911
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806

Scores

EPSS 0.0166
EPSS Percentile 73.8%

Details

CWE
CWE-284
Status published
Products (11)
ibm/powervc 1.2.0.0 (2 CPE variants)
ibm/powervc 1.2.0.1 (2 CPE variants)
ibm/powervc 1.2.0.2 (2 CPE variants)
ibm/powervc 1.2.0.3 (2 CPE variants)
ibm/powervc 1.2.0.4 (2 CPE variants)
ibm/powervc 1.2.1.0 (2 CPE variants)
ibm/powervc 1.2.1.1
ibm/powervc 1.2.1.2 (2 CPE variants)
ibm/powervc 1.2.2.0 (2 CPE variants)
ibm/powervc 1.2.2.1 (2 CPE variants)
... and 1 more
Published May 30, 2015
Tracked Since Feb 18, 2026