Vulnerability-Lookup

CNVD-2015-03560

Vulnerability from cnvd - Published: 2015-06-04

Title

IBM PowerVC权限提升漏洞

Description

IBM PowerVC是一套虚拟化管理解决方案。该方案支持虚拟系统管理、虚拟图像管理和部署、以及虚拟工作负载管理等。 IBM PowerVC ceilometer NoSQL数据库没有要求执行身份验证，存在权限提升漏洞，允许远程攻击者向27017端口发送特殊请求读取或写入数据库记录，获取管理员权限。

Severity

高

Patch Name

IBM PowerVC权限提升漏洞的补丁

Patch Description

IBM PowerVC是一套虚拟化管理解决方案。该方案支持虚拟系统管理、虚拟图像管理和部署、以及虚拟工作负载管理等。IBM PowerVC ceilometer NoSQL数据库没有要求执行身份验证，存在权限提升漏洞，允许远程攻击者向27017端口发送特殊请求读取或写入数据库记录，获取管理员权限。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806

Reference

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1937

Impacted products

Name
['IBM PowerVC Express Edition 1.2.0.0- 1.2.0.2', 'IBM PowerVC Express Edition 1.2.1.0- 1.2.1.1', 'IBM PowerVC Standard Edition 1.2.0.0- 1.2.0.2', 'IBM PowerVC Standard Edition 1.2.1.0- 1.2.1.1', 'IBM PowerVC Express Edition 1.2.0.3', 'IBM PowerVC Express Edition 1.2.0.4', 'IBM PowerVC Express Edition 1.2.1.2', 'IBM PowerVC Standard Edition 1.2.0.3', 'IBM PowerVC Standard Edition 1.2.0.4', 'IBM PowerVC Standard Edition 1.2.1.2', 'IBM PowerVC Standard Edition 1.2.2.0-1.2.2.2']

Name

['IBM PowerVC Express Edition 1.2.0.0- 1.2.0.2', 'IBM PowerVC Express Edition 1.2.1.0- 1.2.1.1', 'IBM PowerVC Standard Edition 1.2.0.0- 1.2.0.2', 'IBM PowerVC Standard Edition 1.2.1.0- 1.2.1.1', 'IBM PowerVC Express Edition 1.2.0.3', 'IBM PowerVC Express Edition 1.2.0.4', 'IBM PowerVC Express Edition 1.2.1.2', 'IBM PowerVC Standard Edition 1.2.0.3', 'IBM PowerVC Standard Edition 1.2.0.4', 'IBM PowerVC Standard Edition 1.2.1.2', 'IBM PowerVC Standard Edition 1.2.2.0-1.2.2.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74911"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1937"
    }
  },
  "description": "IBM PowerVC\u662f\u4e00\u5957\u865a\u62df\u5316\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u865a\u62df\u7cfb\u7edf\u7ba1\u7406\u3001\u865a\u62df\u56fe\u50cf\u7ba1\u7406\u548c\u90e8\u7f72\u3001\u4ee5\u53ca\u865a\u62df\u5de5\u4f5c\u8d1f\u8f7d\u7ba1\u7406\u7b49\u3002\r\n\r\nIBM PowerVC ceilometer NoSQL\u6570\u636e\u5e93\u6ca1\u6709\u8981\u6c42\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u541127017\u7aef\u53e3\u53d1\u9001\u7279\u6b8a\u8bf7\u6c42\u8bfb\u53d6\u6216\u5199\u5165\u6570\u636e\u5e93\u8bb0\u5f55\uff0c\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "discovererName": "IBM",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg1IT08806",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03560",
  "openTime": "2015-06-04",
  "patchDescription": "IBM PowerVC\u662f\u4e00\u5957\u865a\u62df\u5316\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u652f\u6301\u865a\u62df\u7cfb\u7edf\u7ba1\u7406\u3001\u865a\u62df\u56fe\u50cf\u7ba1\u7406\u548c\u90e8\u7f72\u3001\u4ee5\u53ca\u865a\u62df\u5de5\u4f5c\u8d1f\u8f7d\u7ba1\u7406\u7b49\u3002IBM PowerVC ceilometer NoSQL\u6570\u636e\u5e93\u6ca1\u6709\u8981\u6c42\u6267\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u541127017\u7aef\u53e3\u53d1\u9001\u7279\u6b8a\u8bf7\u6c42\u8bfb\u53d6\u6216\u5199\u5165\u6570\u636e\u5e93\u8bb0\u5f55\uff0c\u83b7\u53d6\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM PowerVC\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM PowerVC Express Edition 1.2.0.0- 1.2.0.2",
      "IBM PowerVC Express Edition 1.2.1.0- 1.2.1.1",
      "IBM PowerVC Standard Edition 1.2.0.0- 1.2.0.2",
      "IBM PowerVC Standard Edition  1.2.1.0- 1.2.1.1",
      "IBM PowerVC Express Edition 1.2.0.3",
      "IBM PowerVC Express Edition 1.2.0.4",
      "IBM PowerVC Express Edition 1.2.1.2",
      "IBM PowerVC Standard Edition 1.2.0.3",
      "IBM PowerVC Standard Edition 1.2.0.4",
      "IBM PowerVC Standard Edition 1.2.1.2",
      "IBM PowerVC Standard Edition 1.2.2.0-1.2.2.2"
    ]
  },
  "referenceLink": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1937",
  "serverity": "\u9ad8",
  "submitTime": "2015-06-01",
  "title": "IBM PowerVC\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2015-1937 (GCVE-0-2015-1937)

Vulnerability from cvelistv5 – Published: 2015-05-30 19:00 – Updated: 2024-08-06 05:02

Summary

IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	http://www-01.ibm.com/support/docview.wss?uid=nas…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/74911	vdb-entryx_refsource_BID
	http://www-01.ibm.com/support/docview.wss?uid=swg…	vendor-advisoryx_refsource_AIXAPAR

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:41.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731"
          },
          {
            "name": "74911",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74911"
          },
          {
            "name": "IT08806",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T20:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731"
        },
        {
          "name": "74911",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74911"
        },
        {
          "name": "IT08806",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2015-1937",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731"
            },
            {
              "name": "74911",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74911"
            },
            {
              "name": "IT08806",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2015-1937",
    "datePublished": "2015-05-30T19:00:00",
    "dateReserved": "2015-02-19T00:00:00",
    "dateUpdated": "2024-08-06T05:02:41.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-03560

CVE-2015-1937 (GCVE-0-2015-1937)

Tags

Sightings

Nomenclature