Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME3BED8418036CE6134F37D9BE63B68C3ED13943F43F20018C6E3F1B368827B47
HistoryJul 23, 2019 - 5:55 p.m.

Security Bulletin: IBM Cloud Private installer log contains sensitive information (CVE-2019-4116)

2019-07-2317:55:01
www.ibm.com
9

0.0004 Low

EPSS

Percentile

12.6%

JSON

Summary

IBM Cloud Private installer log contains sensitive information

Vulnerability Details

CVEID: CVE-2019-4116 DESCRIPTION: IBM Cloud Private could disclose highly sensitive information in installer logs that could be use for further attacks against the system.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158115&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Cloud Private 2.1.x, 3.1.0, 3.1.1

Remediation/Fixes

For IBM Cloud Private 2.1.x, 3.1.0 and 3.1.1, apply the following steps or upgrade to 3.1.2 or 3.2.0:

1. Remove all docker exited containers on boot node

docker rm $(docker ps -f status=exited)

2. Remove the logs from cluster/logs directory

rm -rf /path/to/cluster/logs/*

Workarounds and Mitigations

None

Related

prion 1
cve 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2019-07-25 15:15:00
cve
cve
CVE-2019-4116
2019-07-25 15:15:11
cvelist
cvelist
CVE-2019-4116
2019-07-23 00:00:00
nvd
nvd
CVE-2019-4116
2019-07-25 15:15:11

0.0004 Low

EPSS

Percentile

12.6%

JSON
Related for E3BED8418036CE6134F37D9BE63B68C3ED13943F43F20018C6E3F1B368827B47
prion1cve1cvelist1nvd1