CVE-2018-1843 Information

Description

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel such as SSL to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.ibm.com/support/docview.wss?uid=ibm10739845 https://exchange.xforce.ibmcloud.com/vulnerabilities/150903

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.1