CVE-2014-4750

low

Published 2014-08-20 · Modified 2026-05-06

CVSS v3

—

CVSS v2

2.9

VIR risk

2.9

Description

IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP session for transferring files to a managed IVM, which allows remote attackers to discover credentials by sniffing the network.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223

Application impact

Vendor	Product	Versions
ibm	powervc	`1.2.0.0`
ibm	powervc	`1.2.0.1`
ibm	powervc	`1.2.0.2`

References

http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223
http://www.securityfocus.com/bid/69299
https://exchange.xforce.ibmcloud.com/vulnerabilities/94352
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020223
http://www.securityfocus.com/bid/69299
https://exchange.xforce.ibmcloud.com/vulnerabilities/94352

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.