CVE-2015-1937 Information

Description

IBM PowerVC 1.2.0.x through 1.2.0.4 1.2.1.x through 1.2.1.2 and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database which allows remote attackers to read or write to arbitrary database records and consequently obtain administrator privileges via a session on port 27017.

Reference

http://www.securityfocus.com/bid/74911 http://www-01.ibm.com/support/docview.wss?uid=nas8N1020731 http://www-01.ibm.com/support/docview.wss?uid=swg1IT08806