CVE-2015-1950

Name of the Vulnerable Software and Affected Versions IBM PowerVC Standard Edition versions 1.2.2.1 through 1.2.2.2

Description The issue allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions. This is possible because the Python interpreter with nova credentials does not require authentication. Users can exploit this via unspecified Python code.

Recommendations For IBM PowerVC Standard Edition versions 1.2.2.1 through 1.2.2.2, consider restricting access to the Python interpreter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.