IBM18C7EAC11AEDDD62213D34E40277591094A17EEC280E55A22047FE8B945C15B5Security Bulletin: PowerVC is impacted by an Openstack Nova vulnerability which could leak consoleauth tokens into log files (CVE-2015-9543)
0.0004 Low
EPSS
Percentile
15.7%
Summary
An issue discovered in Openstack Nova can leak consoleauth tokens into log files which can be used by an attacker with access to service’s log files to gain additional access in to the Openstack based deployment.
Vulnerability Details
CVEID:CVE-2015-9543
**DESCRIPTION:**OpenStack Nova could allow a remote authenticated attacker to obtain sensitive information, caused by the leaking of consoleauth tokens into log files. By gaining access to the log files, an attacker could exploit this vulnerability to obtain consoleauth tokens information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176494 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM PowerVC Standard | 1.4.3 |
| IBM Cloud PowerVC Manager | 1.4.3 |
Remediation/Fixes
| Product(s) | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM PowerVC Standard | |||
| and | |||
| IBM Cloud PowerVC Manager | 1.4.3 | IT33212 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=1.4.3.1&platform=All&function=aparId&apars=IT33212 |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud powervc manager | eq | 1.4.3 |
Related
0.0004 Low
EPSS
Percentile
15.7%