PT-2014-5084 · IBM · IBM PowerVC
Published: 2014-08-29 · Updated: 2017-08-29 · CVE-2014-3093
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM PowerVC 1.2.0 before FP3
IBM PowerVC 1.2.1 before FP2
Description
The issue allows local users to obtain sensitive information. Cleartext passwords are used in various components, including api-paste.ini, debug logs, the installation process, environment checks, powervc-ldap-config, powervc-restore, and powervc-diag. A local user can exploit this by running a ps command or reading a file.
Recommendations
For IBM PowerVC version 1.2.0 before FP3, update to FP3 or later.
For IBM PowerVC version 1.2.1 before FP2, update to FP2 or later.
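The description names two exposure paths: passwords visible in process arguments (ps) and passwords stored in readable files. The following audit sketch is an added example, not IBM or PowerVC code; the sample ini content, the tool name, the option names and the key patterns are constructed assumptions.

```python
import configparser
import glob
import re
import stat

SECRET_KEY = re.compile(r"password|passwd|secret", re.I)
SECRET_ARG = re.compile(r"^--?[\w-]*(password|passwd|secret)[\w-]*$", re.I)

# Constructed samples (not taken from a real PowerVC installation).
SAMPLE_INI = "[filter:authtoken]\nadmin_user = svc\nadmin_password = Constructed-Example-1\n"
SAMPLE_ARGV = ["example-tool", "--user", "admin", "--password", "Constructed-Example-2"]

def cleartext_ini_secrets(ini_text):
    """Return (section, key) pairs that store a non-empty secret-like value."""
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(ini_text)
    return [(s, k) for s in parser.sections()
            for k, v in parser.items(s) if SECRET_KEY.search(k) and v.strip()]

def secrets_in_argv(argv):
    """Return option names in an argument vector that carry a secret value."""
    hits = []
    for i, arg in enumerate(argv):
        name, sep, value = arg.partition("=")
        if not SECRET_ARG.match(name):
            continue
        # Value may be attached (--opt=VALUE) or be the next argument (--opt VALUE).
        follows = i + 1 < len(argv) and not argv[i + 1].startswith("-")
        if (sep and value) or (not sep and follows):
            hits.append(name)
    return hits

def readable_by_others(mode):
    """True when a file mode grants read access to group or other."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

if __name__ == "__main__":
    # Linux only: report option names (never values) seen in live process arguments.
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(path, "rb") as fh:
                argv = fh.read().decode(errors="replace").split("\0")
        except OSError:
            continue
        for opt in secrets_in_argv(argv):
            print(path, opt)
```

Pair `cleartext_ini_secrets` with `readable_by_others(os.stat(path).st_mode)` on each configuration file to find stored passwords that other local accounts can read.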
Affected Products
IBM PowerVC