CVE-2014-3093

Published Aug 29, 2014

Last updated 7 years ago

Overview

Description: IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps command or reading a file.
Source: psirt@us.ibm.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-310

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:express:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F235BE09-8C8A-47DB-8FEB-1DB75B033143"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.0:*:*:*:standard:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "588EBB92-23C4-425B-9093-F776323B05F3"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:express:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "603F587A-2B4B-4FCD-B0AD-EE07553CB485"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.1:*:*:*:standard:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB78B5FF-E4F3-483D-A3BF-F2E2ED997DEF"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:express:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68534B6C-B5EC-4F62-AF41-DDCE3C10ACBD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.0.2:*:*:*:standard:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1626D53-458F-4EE2-9CA5-EFF2B819B5CB"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:express:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94DE7F8F-4A36-4A95-8E3E-0327CF37D5DD"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.0:*:*:*:standard:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AEECF0E-682F-49A4-B54A-825F3EBF06F6"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.1:*:*:*:express:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE08D50D-FCEA-4619-A695-C00871A335F8"
          },
          {
            "criteria": "cpe:2.3:a:ibm:powervc:1.2.1.1:*:*:*:standard:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93C6B2E6-16BD-4748-80B0-DBD69910ABA6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References