An issue discovered in Openstack Nova can leak consoleauth tokens into log files which can be used by an attacker with access to service’s log files to gain additional access in to the Openstack based deployment.
CVEID:CVE-2015-9543
**DESCRIPTION:**OpenStack Nova could allow a remote authenticated attacker to obtain sensitive information, caused by the leaking of consoleauth tokens into log files. By gaining access to the log files, an attacker could exploit this vulnerability to obtain consoleauth tokens information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176494 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM PowerVC Standard | 1.4.3 |
IBM Cloud PowerVC Manager | 1.4.3 |
Product(s) | VRMF | APAR | Remediation |
---|---|---|---|
IBM PowerVC Standard | |||
and | |||
IBM Cloud PowerVC Manager | 1.4.3 | IT33212 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=1.4.3.1&platform=All&function=aparId&apars=IT33212 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud powervc manager | eq | 1.4.3 |