CVE-2014-4750

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.

CVSS v2.0 2.9 LOW

2.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223	Vendor Advisory
http://www.securityfocus.com/bid/69299
https://exchange.xforce.ibmcloud.com/vulnerabilities/94352

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:powervc:1.2.0.0::::express:::
	cpe:2.3:a:ibm:powervc:1.2.0.1::::express:::
	cpe:2.3:a:ibm:powervc:1.2.0.2::::express:::

History

No history.

Information

Published : 2014-08-20 11:17

Updated : 2024-02-04 18:35

NVD link : CVE-2014-4750

Mitre link : CVE-2014-4750

CVE.ORG link : CVE-2014-4750

JSON object : View

Products Affected

ibm

powervc

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

2.9 /10