OpenStack Nova could allow an attacker to obtain sensitive information from logs.
CVEID: CVE-2017-7214
DESCRIPTION: Legacy notification exception contexts appearing in OpenStack Nova’s ERROR level logs may include sensitive information such as account passwords and authorization tokens.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123591> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM PowerVC Standard Edition 1.3.0 through 1.3.0.2
IBM PowerVC Standard Edition 1.3.1 through 1.3.1.2
IBM PowerVC Standard Edition 1.3.2 through 1.3.2.1
IBM Cloud PowerVC Manager 1.3.1 through 1.3.0.2
IBM Cloud PowerVC Manager 1.3.2 through 1.3.0.1
Apply the appropriate fix from IBM Fix Central at <http://www.ibm.com/support/fixcentral/>
Product | VRMF | APAR | Remediation / Fix |
---|---|---|---|
IBM PowerVC Standard Edition | 1.3.0.2 | IT20665 | http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FPowerVC&fixids=Security-Fix-1.3.0.2-PowerVC-RHEL-NOARCH-APAR-IT20665&source=SAR |
IBM PowerVC Standard Edition | |||
IBM Cloud PowerVC Manager | 1.3.1.2 | IT20665 | http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FPowerVC&fixids=Security-Fix-1.3.1.2-PowerVC-RHEL-NOARCH-APAR-IT20665&source=SAR |
IBM PowerVC Standard Edition | |||
IBM Cloud PowerVC Manager | 1.3.2.1 | IT20665 | http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FPowerVC&fixids=Security-Fix-1.3.2.1-PowerVC-RHEL-NOARCH-APAR-IT20665&source=SAR |
Note: Interim fixes are made available for versions listed above. If your PowerVC installation is not at the listed VRMF, please update it before applying the interim fix.
None