7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
A Security Vulnerability affects IBM Cloud Private - Docker (CVE-2018-15664)
CVEID: CVE-2018-15664 DESCRIPTION: Docker could allow a remote attacker to traverse directories on the system, caused by symlink-exchange race attacks in docker cp. By allowing the execution of container processes while conducting filesystem operations on the container, an attacker could exploit this vulnerability to gain read and write access to any path on the host.
CVSS Base Score: 9.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161681> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2, 3.2.0
Upgrade to Docker version xxxx (waiting on fix from Docker community) from <link>
If using the IBM Cloud Private supplied Docker package, apply the appropriate patch.
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
For IBM Cloud Private 3.2.0, apply patch:
For IBM Cloud Private 3.1.2, apply patch:
For IBM Cloud Private, 2.1.x, 3.1.0, 3.1.1:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud private | eq | any |
7.5 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C