Data Interception Vulnerability in IBM Cloud Private
CVE-2018-1937

4.4MEDIUM

Key Information:

Vendor

IBM
Status
Cloud Private
Vendor
CVE Published:
5 March 2019

What is CVE-2018-1937?

IBM Cloud Private version 3.1.1 is susceptible to a vulnerability that enables a local user with administrator privileges to intercept unencrypted sensitive data. This flaw poses a serious security risk as it could allow unauthorized access to critical information, potentially leading to data breaches. Users of IBM Cloud Private should take immediate steps to assess their risk and consider implementing necessary security measures.

Affected Version(s)

Cloud Private 3.1.1

References

https://www.ibm.com/support/docview.wss?uid=ibm10871766
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/153317
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/107300
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.