CVE-2015-1890

CWE-200 — Information Exposure3 documents3 sources

Severity

3.5LOW

EPSS

0.2%

top 64.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM General Parallel File System

Timeline

PublishedApr 6

Latest updateMay 17

Description

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/general_parallel_file_system4.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-8w4f-3765-r94w: /usr/lpp/mmfs/bin/gpfs↗2022-05-17

▶

CVEList

CVE-2015-1890: /usr/lpp/mmfs/bin/gpfs↗2015-04-06

▶