Lucene search
IBM21B7562A8C7B3D3AC379B71B2A3CEA7B79E19A6D3ADD3803883CBF6814A5CBBEHistoryNov 13, 2018 - 8:50 p.m.
Security Bulletin: A Security Vulnerability could affect IBM® Cloud Private (CVE-2018-1841)
2018-11-1320:50:01
www.ibm.com
8
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM Cloud Private could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node.
Vulnerability Details
CVEID: CVE-2018-1841 DESCRIPTION: IBM Cloud private could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150901> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Cloud Private 2.1.0
Remediation/Fixes
For IBM Cloud Private 2.1.0.x releases, upgrade to versions 3.1.0 or higher
- You can obtain IBM Cloud Private 3.1.0 from IBM Passport Advantage
Workarounds and Mitigations
File Systems permissions may be set using chmod
- to 0700 for all directories under /etc/cfc
- to 0600 for all files under etc/cfc
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm cloud private | eq | 2.1.0 |
Related
cve
cve
CVE-2018-1841
2018-11-19 14:29:00
prion
prion
Code injection
2018-11-19 14:29:00
nvd
nvd
CVE-2018-1841
2018-11-19 14:29:00
cvelist
cvelist
CVE-2018-1841
2018-11-13 00:00:00
0.0004 Low
EPSS
Percentile
5.1%
Related for 21B7562A8C7B3D3AC379B71B2A3CEA7B79E19A6D3ADD3803883CBF6814A5CBBE