3 matches found
Security Bulletin: Ceilometer database access unrestricted in PowerVC (CVE-2015-1937)
Summary IBM PowerVC is using a ceilometer database that does not have authentication enabled. Vulnerability Details CVEID: CVE-2015-1937 DESCRIPTION: IBM PowerVC NoSQL database used by ceilometer is listening on the remote port and is configured to allow connections without any authentication. A...
CVE-2015-1937
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a sessio...
CVE-2015-1937
CVE-2015-1937 affects IBM PowerVC: the ceilometer NoSQL database in PowerVC 1.2.0.x (1.2.0.4 and earlier), 1.2.1.x (up to 1.2.1.2), and 1.2.2.x (up to 1.2.2.2) allows remote unauthenticated access via port 27017, enabling reading/writing arbitrary database records and potentially gaining administ...