Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM PowerVC 安全漏洞
Vulnerability Description
IBM PowerVC是美国IBM公司的一套虚拟化管理解决方案。该方案支持虚拟系统管理、虚拟图像管理和部署、以及虚拟工作负载管理等。 IBM PowerVC中存在安全漏洞,该漏洞源于ceilometer NoSQL数据库没有要求执行身份验证。远程攻击者可借助27017端口上的会话利用该漏洞读取或写入数据库记录,获取管理员权限。以下版本受到影响:IBM PowerVC 1.2.0.x版本至1.2.0.4版本,1.2.1.x版本至1.2.1.2版本,1.2.2.x版本至1.2.2.2版本。
CVSS Information
N/A
Vulnerability Type
N/A