CVE-2015-1937

critical

Description

IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017.

References

http://www.securityfocus.com/bid/74911

http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731

Details

Source: Mitre, NVD

Published: 2015-05-30

Updated: 2026-05-06

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00769