IBM Security Bulletin: PowerVC is affected by an Openstack Keystone vulnerability that could allow a remote authenticated attacker to discover restricted projects (CVE-2018-14432)

Jan 18, 2019 9:00 am EST

Categorized: Medium Severity

PowerVC has addressed the following vulnerability. An authenticated “GET /v3/OS-FEDERATION/projects” request to the identity API may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes.
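Because the bulletin concerns requests to one specific identity API endpoint, a practical first step while patching is to check whether that endpoint was successfully listed from, and by whom. The following is an added example, not code from IBM or the PowerVC project: it parses constructed Keystone access-log lines in an assumed Apache combined-style format (the path, status and timestamp fields are the assumption; the endpoint is the one named in the bulletin) and reports successful GET requests to /v3/OS-FEDERATION/projects per client address so they can be compared against the deployment's expected federation usage.

```python
import re
from collections import Counter

# Constructed sample log lines (assumed Apache combined-style access log for
# the Keystone identity API). These are not real log data from any deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Jan/2019:09:00:01 +0000] "GET /v3/auth/tokens HTTP/1.1" 200 1532
10.0.0.5 - - [18/Jan/2019:09:00:02 +0000] "GET /v3/OS-FEDERATION/projects HTTP/1.1" 200 8921
10.0.0.7 - - [18/Jan/2019:09:00:03 +0000] "GET /v3/projects HTTP/1.1" 403 112
10.0.0.5 - - [18/Jan/2019:09:00:04 +0000] "GET /v3/OS-FEDERATION/projects?limit=50 HTTP/1.1" 200 8921
10.0.0.9 - - [18/Jan/2019:09:00:05 +0000] "GET /v3/OS-FEDERATION/projects HTTP/1.1" 401 85
"""

# Assumed log layout: client - - [timestamp] "METHOD PATH PROTO" STATUS SIZE
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Endpoint named in the bulletin (CVE-2018-14432).
TARGET_PATH = "/v3/OS-FEDERATION/projects"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_federation_project_listings(log_text):
    """Return records for successful (2xx) GET requests to the affected endpoint.

    Query strings are stripped before comparing the path so that
    '/v3/OS-FEDERATION/projects?limit=50' is still matched.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "GET" and path == TARGET_PATH and 200 <= rec["status"] < 300:
            hits.append(rec)
    return hits


def summarize_by_client(hits):
    """Count successful listings per client address for triage."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    hits = find_federation_project_listings(SAMPLE_LOG)
    for ip, n in summarize_by_client(hits).most_common():
        print(f"{ip}: {n} successful listing(s) via {TARGET_PATH}")
```

Only successful responses are reported: a 401 or 403 on this endpoint indicates the request was refused and is not evidence of the project list being exposed. Whether a successful listing was legitimate depends on whether the client was an administrator or a federated user the deployment expects to call this endpoint, which the log alone cannot tell you.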

CVE(s): CVE-2018-14432

Affected product(s) and affected version(s):

Affected Product             Affected Version
IBM PowerVC Standard         1.3.3
IBM PowerVC Standard         1.4.0
IBM PowerVC Standard         1.4.1
IBM Cloud PowerVC Manager    1.3.3
IBM Cloud PowerVC Manager    1.4.0
IBM Cloud PowerVC Manager    1.4.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10794471
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147412
Source: IBM Product Security Incident Response Team, https://ibm.co/2HkqL1f