Information Exposure Vulnerability in IBM Cloud Private 3.1.0
CVE-2018-1843

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Private
Vendor: CVE Published:; 21 November 2018

Summary

IBM Cloud Private 3.1.0 is susceptible to an information exposure vulnerability where its Identity and Access Management (IAM) services fail to secure communications using SSL when accessed internally within the cluster. This oversight may allow attackers with network access to intercept and analyze sensitive data transmitted over the network, potentially leading to significant data breaches. For security professionals, it is crucial to ensure that all internal communications are encrypted to protect against unauthorized data access.

Affected Version(s)

Cloud Private 3.1.0

References

http://www.ibm.com/support/docview.wss?uid=ibm10739845

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/150903

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 21, 2018
Vulnerability Reserved
Dec 13, 2017