PT-2018-1933 · IBM · IBM Cloud Private
Published: 2018-11-19 · Updated: 2019-10-09 · CVE-2018-1843
CVSS v3.1: 4.1 (Medium)
| Vector | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cloud Private version 3.1.0
Description
The issue is related to the Identity and Access Management (IAM) services not using a secure channel, such as SSL, to exchange information when accessed internally from within the cluster. This could allow an attacker with access to network traffic to intercept packets from the connection and uncover sensitive data. The vulnerability is caused by a lack of encryption measures for protected data, which could enable an attacker to disclose sensitive information.
Recommendations
For IBM Cloud Private version 3.1.0, consider implementing SSL encryption for internal connections to prevent data interception. As a temporary workaround, restrict access to the IAM services to minimize the risk of exploitation.
Fix
Missing Encryption of Sensitive Data
Information Disclosure
Related identifiers
Affected products
IBM Cloud Private