Security Flaw in IBM Cloud Private Key Management Service
CVE-2019-4143

5.5MEDIUM

Key Information:

Vendor
IBM
Status
Cloud Private
Vendor
CVE Published:
8 April 2019

Summary

A local user may exploit a vulnerability within the IBM Cloud Private Key Management Service, specifically in versions 3.1.1 and 3.1.2, to access sensitive information stored in the KMS plugin container log. This exposure could lead to unauthorized access to confidential data, compromising the security of the system. Organizations using affected versions should review their security posture and apply necessary updates or mitigations.

Affected Version(s)

Cloud Private 3.1.1

Cloud Private 3.1.2

References

https://www.ibm.com/support/docview.wss?uid=ibm10878180
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/158348
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/107849
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.