ByteOS Network

NVD Vulnerability Details :

CVE-2015-1950

Deferred

Source-psirt@us.ibm.com

Published At-01 Jul, 2015 | 10:59

Updated At-12 Apr, 2025 | 10:46

IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 4.6

Base severity: MEDIUM

Vector:

AV:L/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

IBM Corporation

>>powervc>>1.2.2.1

cpe:2.3:a:ibm:powervc:1.2.2.1:*:*:*:standard:*:*:*

IBM Corporation

>>powervc>>1.2.2.2

cpe:2.3:a:ibm:powervc:1.2.2.2:*:*:*:standard:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-255	Primary	nvd@nist.gov

CWE ID: CWE-255

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740	psirt@us.ibm.com	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926	psirt@us.ibm.com	N/A
http://www.securityfocus.com/bid/75102	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020740	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IT08926	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/75102	af854a3a-2127-422b-91ae-364da2661108	N/A