CVE-2015-1890
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
/usr/lpp/mmfs/bin/gpfs.snap en IBM General Parallel File System (GPFS) 4.1 anterior a 4.1.0.7 produce un archivo que potencialmente contiene claves en texto claro, y le falta un aviso sobre la revisión de este archivo para detectar las claves incluidas, lo que podría permitir a atacantes remotos obtener información sensible mediante el aprovechamiento del acceso a una cadena de datos del soporte técnico.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-19 CVE Reserved
- 2015-04-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/73918 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=isg3T1022077 | 2016-08-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | General Parallel File System Search vendor "Ibm" for product "General Parallel File System" | 4.1 Search vendor "Ibm" for product "General Parallel File System" and version "4.1" | - |
Affected
| ||||||