Information Disclosure Vulnerability in IBM Cloud Private
CVE-2018-1841

6.2 MEDIUM

Key Information:

Vendor
IBM
CVE Published:
19 November 2018

Summary

IBM Cloud Private version 2.1.0 contains an information disclosure vulnerability that could allow a local user to access the Certificate Authority (CA) private key. The CA private key is stored with world-readable permissions on the boot/master node, so sensitive cryptographic material is exposed to unauthorized access. Protecting the CA private key is crucial because it is integral to authentication and confidentiality within the cloud environment.

Affected Version(s)

Cloud Private 2.1.0

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved