CVE-2018-1843
MEDIUMIBM Cloud Private 3.1.0 - Unauthenticated Sensitive Information Exposure via Unencrypted IAM Traffic
Title source: llmDescription
The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=ibm10739845
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/150903
Scores
CVSS v3
4.1
EPSS
0.0032
EPSS Percentile
23.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
ibm/cloud_private
3.1.0
Published
Nov 21, 2018
Tracked Since
Feb 18, 2026