IBM709B692A763B341698267EC1BB76AB08763F4BB2927C89ACCD02AF8EA0F05269Security Bulletin: PowerVC is impacted by information leakage from nova APIs during external exception (CVE-2019-14433)
0.001 Low
EPSS
Percentile
47.2%
Summary
If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response and could include sensitive configuration or other data.
Vulnerability Details
CVEID:CVE-2019-14433
**DESCRIPTION:**OpenStack Compute (nova) could allow a remote authenticated attacker to obtain sensitive information, caused by improper exception handling. By sending a specially-crafted API request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164987 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM PowerVC Standard | 1.4.2 |
| IBM PowerVC Standard | 1.4.3 |
| IBM Cloud PowerVC Manager | 1.4.2 |
| IBM Cloud PowerVC Manager | 1.4.3 |
Remediation/Fixes
| Product(s) | VRMF | APAR | Remediation |
|---|
IBM PowerVC Standard
and
IBM Cloud PowerVC Manager | 1.4.2| IT32106| https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=1.4.2.1&platform=All&function=textSearch&text=APAR+IT32104_IT32106
IBM PowerVC Standard
and
IBM Cloud PowerVC Manage| 1.4.3| IT32106| https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/PowerVC&release=1.4.3.1&platform=All&function=textSearch&text=APAR+IT32104_IT32106
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud powervc manager | eq | 1.4.2 | |
| ibm cloud powervc manager | eq | 1.4.3 |
Related
0.001 Low
EPSS
Percentile
47.2%