CVE-2018-1843

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Private
Vendor: CVE Published:; 21 November 2018

Summary

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

Affected Version(s)

Cloud Private 3.1.0

References

http://www.ibm.com/support/docview.wss?uid=ibm10739845

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/150903

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 21, 2018
Vulnerability Reserved
Dec 13, 2017