If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response and could include sensitive configuration or other data.
CVEID: CVE-2019-14433
**DESCRIPTION:** OpenStack Compute (nova) could allow a remote authenticated attacker to obtain sensitive information, caused by improper exception handling. By sending a specially-crafted API request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/164987 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
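The weakness described above, shown as an added example that is not code from nova or PowerVC: a fault record built from the raw text of an external exception, next to a hardened form that keeps the detail in the operator log. The names `AppError`, `ExternalDBError`, `fault_leaky`, `fault_hardened` and the connection string are constructed for illustration.

```python
import traceback


class AppError(Exception):
    """Hypothetical base class for errors the service raises itself.
    Their messages are written for API users and are safe to return."""


class ExternalDBError(Exception):
    """Constructed stand-in for an exception raised by an external library."""


def fault_leaky(exc):
    # Weak form: whatever the external library put in the exception text
    # becomes part of the fault that the authenticated user can read back.
    return {"code": 500, "message": str(exc)}


def fault_hardened(exc, operator_log):
    # Full detail, including the traceback, goes to the operator log only.
    operator_log.append(
        "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    )
    if isinstance(exc, AppError):
        # The service's own errors carry user-facing messages.
        return {"code": 500, "message": str(exc)}
    # External exception: expose the class name, never its message.
    return {"code": 500, "message": type(exc).__name__}


# Constructed sample: an external failure whose text embeds configuration.
SAMPLE = ExternalDBError(
    "connect failed: mysql+pymysql://svc:S3cret@10.0.0.5/appdb"
)

if __name__ == "__main__":
    log = []
    print("leaky:   ", fault_leaky(SAMPLE))
    print("hardened:", fault_hardened(SAMPLE, log))
    print("operator log entries:", len(log))
```
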
Affected Product(s) | Version(s) |
---|---|
IBM PowerVC Standard | 1.4.2 |
IBM PowerVC Standard | 1.4.3 |
IBM Cloud PowerVC Manager | 1.4.2 |
IBM Cloud PowerVC Manager | 1.4.3 |
Product(s) | VRMF | APAR | Remediation |
---|---|---|---|
IBM PowerVC Standard and IBM Cloud PowerVC Manager | 1.4.2 | IT32106 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=1.4.2.1&platform=All&function=textSearch&text=APAR+IT32104_IT32106 |
IBM PowerVC Standard and IBM Cloud PowerVC Manager | 1.4.3 | IT32106 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=1.4.3.1&platform=All&function=textSearch&text=APAR+IT32104_IT32106 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud powervc manager | eq | 1.4.2 | |
ibm cloud powervc manager | eq | 1.4.3 |