Cloud Private@3.1.1 Security Vulnerabilities and Issues — Cloud Private@3.1.1 CVE List

Lucene search

IbmCloud Private3.1.1

13 matches found

CVE•added 2019/06/18 3:15 p.m.•51 views

CVE-2019-4142

IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.

8.8CVSS8.4AI score0.00128EPSS

CVE•added 2019/03/05 6:29 p.m.•44 views

CVE-2018-1937

IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.

4.4CVSS4.3AI score0.00027EPSS

CVE•added 2019/08/05 2:15 p.m.•44 views

CVE-2019-4284

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.

4.4CVSS4.2AI score0.00044EPSS

CVE•added 2019/03/05 6:29 p.m.•42 views

CVE-2018-1938

IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.

4.4CVSS4.3AI score0.00027EPSS

CVE•added 2019/04/08 3:29 p.m.•42 views

CVE-2018-1943

IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to ...

5.4CVSS5.3AI score0.00133EPSS

CVE•added 2019/08/20 8:15 p.m.•42 views

CVE-2019-4120

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.

5.4CVSS5.2AI score0.00277EPSS

CVE•added 2019/07/25 3:15 p.m.•39 views

CVE-2019-4116

IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115.

5.5CVSS5.1AI score0.00101EPSS

CVE•added 2019/04/08 3:29 p.m.•39 views

CVE-2019-4143

The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.

5.5CVSS5.1AI score0.00052EPSS

CVE•added 2019/03/05 6:29 p.m.•34 views

CVE-2018-1939

IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site th...

6.8CVSS5.8AI score0.00194EPSS

CVE•added 2019/08/20 7:15 p.m.•33 views

CVE-2019-4117

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.

8.8CVSS8.4AI score0.00183EPSS

CVE•added 2019/07/25 3:15 p.m.•33 views

CVE-2019-4415

IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.

7.8CVSS7.2AI score0.00046EPSS

CVE•added 2019/07/25 3:15 p.m.•32 views

CVE-2019-4439

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.

5.9CVSS5AI score0.00036EPSS

CVE•added 2019/05/17 4:29 p.m.•31 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.

5.3CVSS5.8AI score0.0026EPSS