Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC74DBE5C01AC3BA2FA0E3416E5E7C5793CD4ECC650CCE97C7C90ABD463E41551
HistoryJun 17, 2018 - 11:50 p.m.

Security Bulletin: IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerabilities (CVE-2015-1850, CVE-2015-7548)

2018-06-1723:50:48
www.ibm.com
11

EPSS

0.001

Percentile

36.1%

JSON

Summary

IBM PowerVC is impacted by OpenStack Nova information disclosure vulnerailities (CVE-2015-1850, CVE-2015-7548)

Vulnerability Details

CVEID:CVE-2015-1850
**DESCRIPTION:**OpenStack Nova could allow a local attacker to obtain sensitive information, caused by the failure to provide input format to several calls of ““qemu-img convert””. By overwriting an image convert using a qcow2 backing file, an attacker could exploit this vulnerability to read arbitrary files from the host.

CVSS Base Score: 4.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/103849&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:N/A:N)

CVEID:CVE-2015-7548
**DESCRIPTION:**OpenStack Nova could allow a local authenticated attacker to obtain sensitive information, caused by an error in instance snapshot. By overwriting the disk inside an instance using a malformed image and requesting a snapshot, an attacker could exploit this vulnerability to read arbitrary files from the host.

CVSS Base Score: 5.500
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/109474&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

PowerVC Standard Edition 1.2.3.0 through 1.2.3.3
PowerVC Standard Edition 1.3.0.0 through 1.3.0.1

Remediation/Fixes

For PowerVC 1.2.3, update to 1.2.3 FP3 and then apply the IT16325 interim fix from FixCentral:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FPowerVC&fixids=Security-Fix-1.2.3.3-PowerVC-RHEL-NOARCH-APAR-IT16325&source=SAR
For PowerVC 1.3.0, apply PowerVC 1.3.0 FP2 or later:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/PowerVC&release=1.3.0.0&platform=All&function=all&source=fc

Workarounds and Mitigations

None

Related

ibm 2
cvelist 2
debiancve 1
prion 1
nvd 2
cve 2
redhat 2
ubuntucve 1
veracode 1
nessus 2
ubuntu 1
openvas 1
ibm
ibm
Security Bulletin: OpenStack vulnerabilities affect IBM Cloud Manager with Openstack (CVE-2015-7548, CVE-2015-8749 CVE-2015-1850)
2018-08-08 04:13:55
Security Bulletin: OpenStack vulnerabilities affect IBM SmartCloud Entry(CVE-2015-7548, CVE-2015-8749 CVE-2015-1850)
2020-07-19 00:49:12
cvelist
cvelist
CVE-2015-7548
2016-01-12 19:00:00
CVE-2015-1850
1976-01-01 00:00:00
debiancve
debiancve
CVE-2015-7548
2016-01-12 19:59:06
prion
prion
Stack overflow
2016-01-12 19:59:00
nvd
nvd
CVE-2015-7548
2016-01-12 19:59:06
CVE-2015-1850
2020-01-15 15:15:11
cve
cve
CVE-2015-7548
2016-01-12 19:59:06
CVE-2015-1850
2020-01-15 15:15:11
redhat
redhat
(RHSA-2016:0018) Important: openstack-nova security update
2016-01-11 10:15:30
(RHSA-2016:0017) Important: openstack-nova security advisory
2016-01-10 23:07:38
ubuntucve
ubuntucve
CVE-2015-7548
2016-01-12 00:00:00
veracode
veracode
Arbitrary File Read
2019-01-15 09:09:37
nessus
nessus
RHEL 6 : openstack-nova (Unpatched Vulnerability)
2024-06-03 00:00:00
Ubuntu 14.04 LTS : OpenStack Nova vulnerabilities (USN-3449-1)
2017-10-12 00:00:00
ubuntu
ubuntu
OpenStack Nova vulnerabilities
2017-10-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3449-1)
2017-10-12 00:00:00

EPSS

0.001

Percentile

36.1%

JSON
Related for C74DBE5C01AC3BA2FA0E3416E5E7C5793CD4ECC650CCE97C7C90ABD463E41551
ibm2cvelist2debiancve1prion1nvd2cve2redhat2ubuntucve1veracode1nessus2ubuntu1openvas1