VIR Vulnerability Intelligence Relay

CVE-2015-1890

low
Published 2015-04-06 · Modified 2026-05-06
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=isg3T1022077

Application impact
VendorProductVersionsFixed
ibmgeneral_parallel_file_system4.1

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.