IBM Security Bulletin: IBM PowerVC – User token leak to message queue in pyCADF notifier middleware (CVE-2014-4615)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
An attacker with read access to the message queue may obtain authentication tokens used in REST requests (X_AUTH_TOKEN) that goes through the notifier middleware. CVE(s): CVE-2014-4615 Affected product(s) and affected version(s): PowerVC Express Edition 1.2.0.0 through 1.2.0.2 PowerVC Express Edition 1.2.1.0 PowerVC Standard Edition 1.2.0.0 through 1.2.0.2 PowerVC Standard Edition 1.2.1.0 Refer to the following reference URLs for remediation and additional vulnerability details: Source
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_powervc_user_token_leak_to_message_queue_in_pycadf_notifier_middleware_cve_2014_4615?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-4615 ,CVE-2014-4749 ,CVE-2014-4750 ,CVE-2014-0224 ,CVE-2014-0453 and CVE-2014-2828. |