CVE-2018-1843

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
ibmCNA
4.1 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
ibmcloud_private
3.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.ibm.com/support/docview.wss?uid=ibm10739845
https://exchange.xforce.ibmcloud.com/vulnerabilities/150903
http://www.ibm.com/support/docview.wss?uid=ibm10739845
https://exchange.xforce.ibmcloud.com/vulnerabilities/150903