Cloud Private Security Vulnerabilities and Issues — Cloud Private CVE List

Lucene search

IbmCloud Private

6 matches found

CVE•added 2019/04/08 3:29 p.m.•42 views

CVE-2018-1943

IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to ...

5.4CVSS5.3AI score0.00133EPSS

CVE•added 2019/08/20 8:15 p.m.•42 views

CVE-2019-4120

IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.

5.4CVSS5.2AI score0.00277EPSS

CVE•added 2019/07/25 3:15 p.m.•39 views

CVE-2019-4116

IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115.

5.5CVSS5.1AI score0.00101EPSS

CVE•added 2019/04/08 3:29 p.m.•39 views

CVE-2019-4143

The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.

5.5CVSS5.1AI score0.00052EPSS

CVE•added 2019/07/25 3:15 p.m.•32 views

CVE-2019-4439

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.

5.9CVSS5AI score0.00036EPSS

CVE•added 2019/05/17 4:29 p.m.•31 views

CVE-2019-4119

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.

5.3CVSS5.8AI score0.0026EPSS