Lucene search
K
IbmCloud Private

16 matches found

CVE
CVE
added 2019/06/14 2:45 p.m.98 views

CVE-2019-4239

Summary: CVE-2019-4239 affects IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0–3.0.1). Affected systems store user credentials in plain text read-able by a local user. Impact (as stated): Local attacker could access plaintext credentials stored by the Cloud Pak deployment. Public metadata and ...

6.2CVSS5.2AI score0.00309EPSS
CVE
CVE
added 2019/06/18 2:30 p.m.60 views

CVE-2019-4142

IBM Cloud Private is affected by CVE-2019-4142, a cross-site request forgery vulnerability affecting IBM Cloud Private versions 2.1.0, 3.1.0, 3.1.1, and 3.1.2. The issue allows an attacker to perform malicious, unauthorized actions transmitted from a trusted user. Remediation per IBM security bul...

8.8CVSS8.4AI score0.00547EPSS
CVE
CVE
added 2019/07/25 2:30 p.m.56 views

CVE-2019-4116

CVE-2019-4116 affects IBM Cloud Private versions 2.1.x, 3.1.0, and 3.1.1, where installer logs could disclose highly sensitive information that may enable further system attacks. Root cause: information leakage in installer logging. Impact: potential disclosure of confidential data within logs. R...

5.5CVSS5.1AI score0.00357EPSS
CVE
CVE
added 2019/08/05 1:40 p.m.56 views

CVE-2019-4284

CVE-2019-4284 affects IBM Cloud Private. The vulnerability allows a local privileged user to obtain a sensitive OIDC token that is printed to log files, enabling authentication as another user. Affected versions: IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2. Root cause: leakage of OIDC tokens via...

4.4CVSS4.2AI score0.0035EPSS
CVE
CVE
added 2019/03/05 6:0 p.m.53 views

CVE-2018-1937

IBM Cloud Private 3.1.1 is affected by CVE-2018-1937. A local administrator could intercept highly sensitive unencrypted data due to insecure intra-service communications (IAM and OpenShift) over HTTP. The IBM Security Bulletin confirms the impact is data disclosure with local access and provides...

4.4CVSS4.3AI score0.00257EPSS
CVE
CVE
added 2018/11/21 3:0 p.m.52 views

CVE-2018-1843

IBM Cloud Private 3.1.0 IAM services expose internal traffic over non-secure channels, allowing packet sniffing and data exposure. Affected product: IBM Cloud Private 3.1.0. Root cause: lack of secure channel (SSL) for in-cluster communications. Impact: potential confidentiality breach with local...

4.1CVSS4AI score0.00316EPSS
CVE
CVE
added 2019/04/08 2:50 p.m.52 views

CVE-2018-1943

IBM Cloud Private is vulnerable to HTTP HOST header injection (CVE-2018-1943) in version 3.1.0 and 3.1.1 due to improper input validation. By enticing a user to a crafted page, an attacker could inject arbitrary HTTP headers, enabling cross-site scripting, cache poisoning, or session hijacking. R...

5.4CVSS5.3AI score0.0105EPSS
CVE
CVE
added 2019/08/20 7:30 p.m.52 views

CVE-2019-4120

CVE-2019-4120 affects IBM Cloud Private versions 3.1.1 and 3.1.2, with a cross-site scripting vulnerability that allows arbitrary JavaScript execution in the Web UI, potentially leading to credentials disclosure within a trusted session. Root cause is input handling in the Web UI that enables inj...

5.4CVSS5.2AI score0.00679EPSS
CVE
CVE
added 2019/03/05 6:0 p.m.51 views

CVE-2018-1938

The CVE-2018-1938 entry affects IBM Cloud Private 3.1.1, where a local administrator can intercept highly sensitive unencrypted data due to insecure in-cluster communications. Affected component/condition involves unencrypted data traffic between nodes and services (no remote-exploit detail provi...

4.4CVSS4.3AI score0.00257EPSS
CVE
CVE
added 2019/04/08 2:50 p.m.49 views

CVE-2019-4143

The CVE-2019-4143 issue affects IBM Cloud Private before patches: IBM Cloud Private Key Management Service (KMS) in versions 3.1.1 and 3.1.2 can allow a local attacker to obtain sensitive information from the KMS plugin container log. Root cause involves information disclosure via container logs ...

5.5CVSS5.1AI score0.00356EPSS
CVE
CVE
added 2019/07/25 2:30 p.m.47 views

CVE-2019-4415

CVE-2019-4415 affects IBM Cloud Private 3.1.1 and 3.1.2 where a local user can escalate privileges due to improper SecurityContextConstraints handling. The IBM security bulletin confirms icp-scc SCC is erroneously assigned to all pods, enabling privilege escalation. A remediation is provided for ...

7.8CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2019/07/25 2:30 p.m.47 views

CVE-2019-4439

The CVE-2019-4439 issue affects IBM Cloud Private 3.1.0–3.1.2, where sessions are not invalidated after logout, enabling a local user to impersonate another user. Root cause: logout does not terminate the session. Impact is Local, with partial confidentiality, integrity, and availability concerns...

5.9CVSS5AI score0.00287EPSS
CVE
CVE
added 2019/03/05 6:0 p.m.44 views

CVE-2018-1939

Affected product: IBM Cloud Private 3.1.1. ** Vulnerability:** open redirect that enables remote attackers to conduct phishing by spoofing the displayed URL and redirecting users to a malicious site, potentially exposing sensitive information or enabling further attacks. Root cause/impact: open r...

6.8CVSS5.8AI score0.0131EPSS
CVE
CVE
added 2019/08/20 6:25 p.m.43 views

CVE-2019-4117

IBM Cloud Private is affected by CVE-2019-4117: cross-site request forgery in Identity and Access Management modules for versions 3.1.1 and 3.1.2. The vulnerability enables an attacker to cause unauthorized actions transmitted from a trusted user. IBM’s security bulletin recommends applying patch...

8.8CVSS8.4AI score0.00555EPSS
CVE
CVE
added 2019/05/17 3:20 p.m.43 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server versions 2.1.x and 3.1.x (3.1.0, 3.1.1, 3.1.2) can be used as an HTTP proxy to reach internal and external target IPs. The root cause is an input/proxy handling issue that allows proxying beyond intended scope. Remediation per IBM’s bulletin: upgrade to IBM...

5.3CVSS5.8AI score0.01022EPSS
CVE
CVE
added 2018/11/19 2:0 p.m.40 views

CVE-2018-1841

Summary : CVE-2018-1841 affects IBM Cloud Private 2.1.0, where the CA Private Key is world-readable on the boot/master node, enabling a local attacker to obtain the private key. Impact (as stated) : Information disclosure of the CA private key to a local user. The vulnerability is local in scope ...

6.2CVSS5.1AI score0.00379EPSS