PT-2018-1933 · IBM · IBM Cloud Private

Published 2018-11-19 · Updated 2019-10-09 · CVE-2018-1843

CVSS v3.1: 4.1 (Medium)

Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Cloud Private version 3.1.0

Description

The issue is related to the Identity and Access Management (IAM) services not using a secure channel, such as SSL, to exchange information when accessed internally from within the cluster. This could allow an attacker with access to network traffic to intercept packets from the connection and uncover sensitive data. The vulnerability is caused by a lack of encryption measures for protected data, which could enable an attacker to disclose sensitive information.

Recommendations

For IBM Cloud Private version 3.1.0, consider implementing SSL encryption for internal connections to prevent data interception. As a temporary workaround, restrict access to the IAM services to minimize the risk of exploitation.

Fix

Missing Encryption of Sensitive Data

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2018-01540
CVE-2018-1843

Affected Products

IBM Cloud Private