Command injection
powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process...
Code injection
IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate...
CVE-2015-0136
CVE-2015-0136 (IBM PowerVC) affects powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2. The root cause is that an access token is placed on the command line during IVM and PowerKVM management, enabling local users to learn sensitive information by listing the proces...
IBM PowerVC Standard Man-in-the-Middle Attack Vulnerability
IBM PowerVC is a suite of virtualization management solutions from IBM USA. The solution supports virtual system management, virtual image management and deployment, and virtual workload management. A security vulnerability exists in IBM PowerVC versions 1.2.0.0 to 1.2.0.3 and 1.2.1.0 to 1.2.1.2,...
CVE-2015-0137
IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate...
CVE-2015-0136
powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process...
CVE-2015-0137
IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 fail to validate HMC certificates at login, enabling MITM via crafted certificates to spoof devices. Affected: IBM PowerVC PowerVC Management Console certificate validation during pre-login. Root cause: inadequate certificate va...
IBM PowerVC Information Disclosure Vulnerability
IBM PowerVC is a suite of virtualization management solutions from IBM USA. The solution supports virtual system management, virtual image management and deployment, and virtual workload management. A security vulnerability exists in the powervc-iso-import command in IBM PowerVC versions 1.2.0.0 ...
KLA10489 Multiple vulnerabilities in IBM PowerVC
Multiple vulnerabilities have been found in IBM PowerVC. Malicious users can exploit these vulnerabilities to spoof the user interface or obtain sensitive information. Below is a complete list of vulnerabilities: 1. Improper certificate validation can be exploited remotely via a specially designed...
CVE-2014-3093
IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps...
CVE-2014-3093
IBM PowerVC versions 1.2.0 before FP3 and 1.2.1 before FP2 are affected. The issue involves cleartext passwords being stored/accessed in multiple locations (api-paste.ini, debug logs, installation process, environment checks, powervc-ldap-config, powervc-restore, powervc-diag), allowing local use...
CVE-2014-3093
IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps...
Command injection
IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps...
CVE-2014-4749
IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key...
CVE-2014-4750
IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network...
Code injection
IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network...
Code injection
IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key...
CVE-2014-4750
IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network...
CVE-2014-4750
CVE-2014-4750 affects IBM PowerVC Express Edition 1.2.0 before FixPack3. The issue is that an FTP session used to transfer files to a managed IVM can allow an attacker to sniff network traffic and discover credentials, impacting confidentiality. The vulnerability description indicates the root ca...
CVE-2014-4749
IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key...