CVE-2018-1843 MEDIUM

CVE-2018-1843

Vendor Ibm
Product Cloud Private
Published November 21, 2018
Last update September 16, 2024

CVSS base score

4.1/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O

What the vulnerability does

01Description

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

Key dates

02Disclosure timeline

November 21, 2018 CVE published
September 16, 2024 Record updated