Vulnerability-Lookup

CNVD-2015-03962

Vulnerability from cnvd - Published: 2015-06-25

Title

VCE Vision Intelligent Operations信息泄露漏洞（CNVD-2015-03962）

Description

VCE Vision Intelligent Operations是美国VCE公司的一套支持跨多种系统的数据中心软件。该软件提供融合基础设施管理、系统健康检查等功能。 VCE Vision Intelligent Operations中存在本地安全漏洞。本地攻击者可利用该漏洞获取敏感信息的访问权限。

Severity

低

Patch Name

VCE Vision Intelligent Operations信息泄露漏洞（CNVD-2015-03962）的补丁

Patch Description

VCE Vision Intelligent Operations是美国VCE公司的一套支持跨多种系统的数据中心软件。该软件提供融合基础设施管理、系统健康检查等功能。VCE Vision Intelligent Operations中存在本地安全漏洞。本地攻击者可利用该漏洞获取敏感信息的访问权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.vce.com/asset/documents/vblock-vcevision-2-6-techoverview.pdf

Reference

http://www.securityfocus.com/bid/75265

Impacted products

Name
VCE Vision Intelligent Operations

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75265"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4056"
    }
  },
  "description": "VCE Vision Intelligent Operations\u662f\u7f8e\u56fdVCE\u516c\u53f8\u7684\u4e00\u5957\u652f\u6301\u8de8\u591a\u79cd\u7cfb\u7edf\u7684\u6570\u636e\u4e2d\u5fc3\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u878d\u5408\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u3001\u7cfb\u7edf\u5065\u5eb7\u68c0\u67e5\u7b49\u529f\u80fd\u3002\r\n\r\nVCE Vision Intelligent Operations\u4e2d\u5b58\u5728\u672c\u5730\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "VCE",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.vce.com/asset/documents/vblock-vcevision-2-6-techoverview.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03962",
  "openTime": "2015-06-25",
  "patchDescription": "VCE Vision Intelligent Operations\u662f\u7f8e\u56fdVCE\u516c\u53f8\u7684\u4e00\u5957\u652f\u6301\u8de8\u591a\u79cd\u7cfb\u7edf\u7684\u6570\u636e\u4e2d\u5fc3\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u878d\u5408\u57fa\u7840\u8bbe\u65bd\u7ba1\u7406\u3001\u7cfb\u7edf\u5065\u5eb7\u68c0\u67e5\u7b49\u529f\u80fd\u3002VCE Vision Intelligent Operations\u4e2d\u5b58\u5728\u672c\u5730\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VCE Vision Intelligent Operations\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-03962\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "VCE Vision Intelligent Operations"
  },
  "referenceLink": "http://www.securityfocus.com/bid/75265",
  "serverity": "\u4f4e",
  "submitTime": "2015-06-24",
  "title": "VCE Vision Intelligent Operations\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2015-03962\uff09"
}

CVE-2015-4056 (GCVE-0-2015-4056)

Vulnerability from cvelistv5 – Published: 2017-02-21 19:00 – Updated: 2024-08-06 06:04

Summary

The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

http://seclists.org/bugtraq/2015/Jun/91

mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:04:02.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150617 VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Jun/91"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-21T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20150617 VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Jun/91"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4056",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150617 VCE3570: VCE Vision(TM) Intelligent Operations Cryptographic and Cleartext Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Jun/91"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4056",
    "datePublished": "2017-02-21T19:00:00",
    "dateReserved": "2015-05-22T00:00:00",
    "dateUpdated": "2024-08-06T06:04:02.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-03962

CVE-2015-4056 (GCVE-0-2015-4056)

Tags

Sightings

Nomenclature