IBM Support

IT08806: IBM PowerVC is using a ceilometer database that does not have authentication enabled.


APAR status

  • Closed as program error.

Error description

  • The NoSQL database that IBM PowerVC uses for ceilometer is
    listening on the remote port and is configured to allow
    connections without any authentication. A remote attacker can
    therefore connect to the database system to create, read,
    update, and delete documents, collections, and databases.
    Authentication tokens belonging to legitimate users may also be
    obtained from the database, providing administrator access to
    the product.
    

Local fix

Problem summary

  • The source code has been corrected. The fix will be available
    in a future release.
    

Problem conclusion

  • NA
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT08806

  • Reported component name

    POWERVC STANDAR

  • Reported component ID

    5765VCS00

  • Reported release

    121

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2015-05-08

  • Closed date

    2015-06-26

  • Last modified date

    2015-06-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    POWERVC STANDAR

  • Fixed component ID

    5765VCS00

Applicable component levels

  • R121 PSY

       UP

  • R122 PSY

       UP


Document Information

Modified date:
26 June 2015