Vulnerability Name: | CVE-2015-1890 (CCN-101382) | ||||||||
Assigned: | 2015-04-05 | ||||||||
Published: | 2015-04-05 | ||||||||
Updated: | 2016-08-04 | ||||||||
Summary: | /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | ||||||||
CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
| ||||||||
Vulnerability Type: | CWE-200 | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2015-1890 Source: CONFIRM Type: Patch, Vendor Advisory http://www.ibm.com/support/docview.wss?uid=isg3T1022077 Source: CCN Type: IBM Security Bulletin 1963838 A security vulnerability has been identified in IBM General Parallel File System shipped with IBM PureData System for Operational Analytics (CVE-2015-1890) Source: CCN Type: IBM Security Bulletin 1964025 IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1890) Source: BID Type: Third Party Advisory, VDB Entry 73918 Source: XF Type: UNKNOWN ibm-gpfs-cve20151890-info-disc(101382) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |