Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    32 vulnerabilities found for cloud_private by ibm

    CVE-2019-4120 (GCVE-0-2019-4120)

    Vulnerability from cvelistv5 – Published: 2019-08-20 19:30 – Updated: 2024-09-16 20:17
    VLAI
    Summary
    IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885328"
              },
              {
                "name": "ibm-cloud-cve20194120-xss (158146)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158146"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/UI:R/PR:L/I:L/A:N/S:C/C:L/AC:L/AV:N/E:H/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T19:30:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885328"
            },
            {
              "name": "ibm-cloud-cve20194120-xss (158146)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158146"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4120",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885328",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885328 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885328"
                },
                {
                  "name": "ibm-cloud-cve20194120-xss (158146)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158146"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4120",
        "datePublished": "2019-08-20T19:30:25.358Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:17:38.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4117 (GCVE-0-2019-4117)

    Vulnerability from cvelistv5 – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:41
    VLAI
    Summary
    IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878396"
              },
              {
                "name": "ibm-cloud-cve20194117-csrf (158116)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:N/A:N/AC:L/S:U/AV:N/UI:R/PR:N/I:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878396"
            },
            {
              "name": "ibm-cloud-cve20194117-csrf (158116)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4117",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10878396",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 878396 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878396"
                },
                {
                  "name": "ibm-cloud-cve20194117-csrf (158116)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4117",
        "datePublished": "2019-08-20T18:25:26.433Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:41:30.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4284 (GCVE-0-2019-4284)

    Vulnerability from cvelistv5 – Published: 2019-08-05 13:40 – Updated: 2024-09-17 01:45
    VLAI
    Summary
    IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-08-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454"
              },
              {
                "name": "ibm-cloud-cve20194284-info-disc (160512)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/A:N/C:H/I:N/AC:L/S:U/AV:L/PR:H/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-05T13:40:15.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454"
            },
            {
              "name": "ibm-cloud-cve20194284-info-disc (160512)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-01T00:00:00",
              "ID": "CVE-2019-4284",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10885454",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885454 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454"
                },
                {
                  "name": "ibm-cloud-cve20194284-info-disc (160512)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4284",
        "datePublished": "2019-08-05T13:40:15.577Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:45:57.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4439 (GCVE-0-2019-4439)

    Vulnerability from cvelistv5 – Published: 2019-07-25 14:30 – Updated: 2024-09-16 17:43
    VLAI
    Summary
    IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884892"
              },
              {
                "name": "ibm-cloud-cve20194439-session-fixation (162949)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162949"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/AV:L/C:L/A:L/AC:L/S:U/PR:N/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T14:30:21.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884892"
            },
            {
              "name": "ibm-cloud-cve20194439-session-fixation (162949)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162949"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-07-23T00:00:00",
              "ID": "CVE-2019-4439",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "L",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10884892",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 884892 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884892"
                },
                {
                  "name": "ibm-cloud-cve20194439-session-fixation (162949)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162949"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4439",
        "datePublished": "2019-07-25T14:30:21.204Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:43:10.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4415 (GCVE-0-2019-4415)

    Vulnerability from cvelistv5 – Published: 2019-07-25 14:30 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887857"
              },
              {
                "name": "ibm-cloud-cve20194415-priv-escalation (162706)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/I:L/C:L/A:L/UI:N/PR:N/AC:H/S:U/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T14:30:21.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887857"
            },
            {
              "name": "ibm-cloud-cve20194415-priv-escalation (162706)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162706"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-07-23T00:00:00",
              "ID": "CVE-2019-4415",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "H",
                  "AV": "L",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10887857",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 887857 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887857"
                },
                {
                  "name": "ibm-cloud-cve20194415-priv-escalation (162706)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162706"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4415",
        "datePublished": "2019-07-25T14:30:21.128Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:50.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4116 (GCVE-0-2019-4116)

    Vulnerability from cvelistv5 – Published: 2019-07-25 14:30 – Updated: 2024-09-16 18:09
    VLAI
    Summary
    IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.926Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885318"
              },
              {
                "name": "ibm-cloud-cve20194116-info-disc (158115)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158115"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/AV:L/C:H/A:N/UI:N/PR:L/S:U/AC:L/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T14:30:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885318"
            },
            {
              "name": "ibm-cloud-cve20194116-info-disc (158115)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158115"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-07-23T00:00:00",
              "ID": "CVE-2019-4116",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885318",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885318 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885318"
                },
                {
                  "name": "ibm-cloud-cve20194116-info-disc (158115)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158115"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4116",
        "datePublished": "2019-07-25T14:30:20.949Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:25.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4142 (GCVE-0-2019-4142)

    Vulnerability from cvelistv5 – Published: 2019-06-18 14:30 – Updated: 2024-09-16 18:48
    VLAI
    Summary
    IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:28.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885434"
              },
              {
                "name": "ibm-cloud-cve20194142-csrf (158338)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:N/A:N/UI:R/I:L/S:U/AV:N/AC:L/PR:N/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-18T14:30:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885434"
            },
            {
              "name": "ibm-cloud-cve20194142-csrf (158338)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-06-14T00:00:00",
              "ID": "CVE-2019-4142",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10885434",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885434 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885434"
                },
                {
                  "name": "ibm-cloud-cve20194142-csrf (158338)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4142",
        "datePublished": "2019-06-18T14:30:18.274Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:48:56.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4239 (GCVE-0-2019-4239)

    Vulnerability from cvelistv5 – Published: 2019-06-14 14:45 – Updated: 2024-09-16 17:18
    VLAI
    Summary
    IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Advanced Cloud Pak (IBM Cloud Private) Affected: 1.0.0
    Affected: 1.1.0
    Affected: 1.2.0
    Affected: 1.3.0
    Affected: 2.0.0
    Affected: 2.1.0
    Affected: 2.2.0
    Affected: 2.2.1
    Affected: 2.2.2
    Affected: 2.2.3
    Affected: 3.0.0
    Affected: 3.0.1
    Create a notification for this product.
    IBM MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) Affected: 1.0.0
    Affected: 1.1.0
    Affected: 1.2.0
    Affected: 1.3.0
    Affected: 2.0.0
    Affected: 2.1.0
    Affected: 2.2.0
    Affected: 2.2.1
    Affected: 2.2.2
    Affected: 2.2.3
    Affected: 3.0.0
    Affected: 3.0.1
    Create a notification for this product.
    Date Public
    2019-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886591"
              },
              {
                "name": "ibm-mq-cve20194239-info-disc (159465)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ Advanced Cloud Pak (IBM Cloud Private)",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2.2"
                },
                {
                  "status": "affected",
                  "version": "2.2.3"
                },
                {
                  "status": "affected",
                  "version": "3.0.0"
                },
                {
                  "status": "affected",
                  "version": "3.0.1"
                }
              ]
            },
            {
              "product": "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2.2"
                },
                {
                  "status": "affected",
                  "version": "2.2.3"
                },
                {
                  "status": "affected",
                  "version": "3.0.0"
                },
                {
                  "status": "affected",
                  "version": "3.0.1"
                }
              ]
            }
          ],
          "datePublic": "2019-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:N/A:N/S:U/AV:L/I:N/AC:L/UI:N/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-14T14:45:17.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886591"
            },
            {
              "name": "ibm-mq-cve20194239-info-disc (159465)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-06-07T00:00:00",
              "ID": "CVE-2019-4239",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ Advanced Cloud Pak (IBM Cloud Private)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.1.0"
                              },
                              {
                                "version_value": "1.2.0"
                              },
                              {
                                "version_value": "1.3.0"
                              },
                              {
                                "version_value": "2.0.0"
                              },
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "2.2.0"
                              },
                              {
                                "version_value": "2.2.1"
                              },
                              {
                                "version_value": "2.2.2"
                              },
                              {
                                "version_value": "2.2.3"
                              },
                              {
                                "version_value": "3.0.0"
                              },
                              {
                                "version_value": "3.0.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.1.0"
                              },
                              {
                                "version_value": "1.2.0"
                              },
                              {
                                "version_value": "1.3.0"
                              },
                              {
                                "version_value": "2.0.0"
                              },
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "2.2.0"
                              },
                              {
                                "version_value": "2.2.1"
                              },
                              {
                                "version_value": "2.2.2"
                              },
                              {
                                "version_value": "2.2.3"
                              },
                              {
                                "version_value": "3.0.0"
                              },
                              {
                                "version_value": "3.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 886591 (Application Integration and Connectivity)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886591"
                },
                {
                  "name": "ibm-mq-cve20194239-info-disc (159465)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4239",
        "datePublished": "2019-06-14T14:45:18.008Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:34.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4119 (GCVE-0-2019-4119)

    Vulnerability from cvelistv5 – Published: 2019-05-17 15:20 – Updated: 2024-09-16 18:44
    VLAI
    Summary
    IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
    CWE
    • Other
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-05-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878460"
              },
              {
                "name": "ibm-cloud-cve20194119-proxy (158145)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158145"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-05-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 2.7,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:N/AC:H/I:L/C:N/AV:N/UI:N/PR:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-17T15:20:16.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878460"
            },
            {
              "name": "ibm-cloud-cve20194119-proxy (158145)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158145"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-15T00:00:00",
              "ID": "CVE-2019-4119",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10878460",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 878460 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878460"
                },
                {
                  "name": "ibm-cloud-cve20194119-proxy (158145)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158145"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4119",
        "datePublished": "2019-05-17T15:20:16.726Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:44:04.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4143 (GCVE-0-2019-4143)

    Vulnerability from cvelistv5 – Published: 2019-04-08 14:50 – Updated: 2024-09-17 00:10
    VLAI
    Summary
    The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-04-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878180"
              },
              {
                "name": "ibm-cloud-cve20194143-info-disc (158348)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158348"
              },
              {
                "name": "107849",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107849"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/UI:N/S:U/C:H/AC:L/I:N/A:N/PR:L/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-10T15:06:15.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878180"
            },
            {
              "name": "ibm-cloud-cve20194143-info-disc (158348)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158348"
            },
            {
              "name": "107849",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107849"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-04-02T00:00:00",
              "ID": "CVE-2019-4143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10878180",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 878180 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878180"
                },
                {
                  "name": "ibm-cloud-cve20194143-info-disc (158348)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158348"
                },
                {
                  "name": "107849",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107849"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4143",
        "datePublished": "2019-04-08T14:50:38.168Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:10:51.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1943 (GCVE-0-2018-1943)

    Vulnerability from cvelistv5 – Published: 2019-04-08 14:50 – Updated: 2024-09-16 18:29
    VLAI
    Summary
    IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.0
    Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871656"
              },
              {
                "name": "ibm-cloud-cve20181943-header-injection (153385)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153385"
              },
              {
                "name": "107828",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107828"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/UI:R/S:C/C:L/AC:L/I:L/PR:L/A:N/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-10T09:06:03.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871656"
            },
            {
              "name": "ibm-cloud-cve20181943-header-injection (153385)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153385"
            },
            {
              "name": "107828",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107828"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-04-04T00:00:00",
              "ID": "CVE-2018-1943",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871656",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 871656 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871656"
                },
                {
                  "name": "ibm-cloud-cve20181943-header-injection (153385)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153385"
                },
                {
                  "name": "107828",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107828"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1943",
        "datePublished": "2019-04-08T14:50:37.897Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:29:25.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1937 (GCVE-0-2018-1937)

    Vulnerability from cvelistv5 – Published: 2019-03-05 18:00 – Updated: 2024-09-17 02:36
    VLAI
    Summary
    IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871766"
              },
              {
                "name": "ibm-cloud-cve20181937-info-disc(153317)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317"
              },
              {
                "name": "107300",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107300"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871766"
            },
            {
              "name": "ibm-cloud-cve20181937-info-disc(153317)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317"
            },
            {
              "name": "107300",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107300"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-03-02T00:00:00",
              "ID": "CVE-2018-1937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871766",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871766"
                },
                {
                  "name": "ibm-cloud-cve20181937-info-disc(153317)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317"
                },
                {
                  "name": "107300",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107300"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1937",
        "datePublished": "2019-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:57.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1938 (GCVE-0-2018-1938)

    Vulnerability from cvelistv5 – Published: 2019-03-05 18:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-cloud-cve20181938-info-disc(153318)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
              },
              {
                "name": "107299",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-cloud-cve20181938-info-disc(153318)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
            },
            {
              "name": "107299",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-03-02T00:00:00",
              "ID": "CVE-2018-1938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-cloud-cve20181938-info-disc(153318)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
                },
                {
                  "name": "107299",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107299"
                },
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871770",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1938",
        "datePublished": "2019-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:16.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1939 (GCVE-0-2018-1939)

    Vulnerability from cvelistv5 – Published: 2019-03-05 18:00 – Updated: 2024-09-16 18:14
    VLAI
    Summary
    IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107302",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107302"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871652"
              },
              {
                "name": "ibm-cloud-cve20181939-open-redirect(153319)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.9,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "107302",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107302"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871652"
            },
            {
              "name": "ibm-cloud-cve20181939-open-redirect(153319)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-03-02T00:00:00",
              "ID": "CVE-2018-1939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "H",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107302",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107302"
                },
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871652",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871652"
                },
                {
                  "name": "ibm-cloud-cve20181939-open-redirect(153319)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1939",
        "datePublished": "2019-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:14:30.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1843 (GCVE-0-2018-1843)

    Vulnerability from cvelistv5 – Published: 2018-11-21 15:00 – Updated: 2024-09-16 18:04
    VLAI
    Summary
    The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.0
    Create a notification for this product.
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:38.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10739845"
              },
              {
                "name": "ibm-cloud-cve20181843-info-disc(150903)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150903"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.6,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-21T14:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10739845"
            },
            {
              "name": "ibm-cloud-cve20181843-info-disc(150903)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150903"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-1843",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903"
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10739845",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10739845"
                },
                {
                  "name": "ibm-cloud-cve20181843-info-disc(150903)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150903"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1843",
        "datePublished": "2018-11-21T15:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:04:24.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4120 (GCVE-0-2019-4120)

    Vulnerability from nvd – Published: 2019-08-20 19:30 – Updated: 2024-09-16 20:17
    VLAI
    Summary
    IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.
    CWE
    • Cross-Site Scripting
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885328"
              },
              {
                "name": "ibm-cloud-cve20194120-xss (158146)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158146"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/UI:R/PR:L/I:L/A:N/S:C/C:L/AC:L/AV:N/E:H/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T19:30:25.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885328"
            },
            {
              "name": "ibm-cloud-cve20194120-xss (158146)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158146"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4120",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "H",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885328",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885328 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885328"
                },
                {
                  "name": "ibm-cloud-cve20194120-xss (158146)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158146"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4120",
        "datePublished": "2019-08-20T19:30:25.358Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:17:38.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4117 (GCVE-0-2019-4117)

    Vulnerability from nvd – Published: 2019-08-20 18:25 – Updated: 2024-09-17 00:41
    VLAI
    Summary
    IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-08-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878396"
              },
              {
                "name": "ibm-cloud-cve20194117-csrf (158116)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-08-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:N/A:N/AC:L/S:U/AV:N/UI:R/PR:N/I:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-20T18:25:26.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878396"
            },
            {
              "name": "ibm-cloud-cve20194117-csrf (158116)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-13T00:00:00",
              "ID": "CVE-2019-4117",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10878396",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 878396 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878396"
                },
                {
                  "name": "ibm-cloud-cve20194117-csrf (158116)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158116"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4117",
        "datePublished": "2019-08-20T18:25:26.433Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:41:30.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4284 (GCVE-0-2019-4284)

    Vulnerability from nvd – Published: 2019-08-05 13:40 – Updated: 2024-09-17 01:45
    VLAI
    Summary
    IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-08-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454"
              },
              {
                "name": "ibm-cloud-cve20194284-info-disc (160512)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/UI:N/A:N/C:H/I:N/AC:L/S:U/AV:L/PR:H/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-05T13:40:15.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454"
            },
            {
              "name": "ibm-cloud-cve20194284-info-disc (160512)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-08-01T00:00:00",
              "ID": "CVE-2019-4284",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10885454",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885454 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885454"
                },
                {
                  "name": "ibm-cloud-cve20194284-info-disc (160512)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4284",
        "datePublished": "2019-08-05T13:40:15.577Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:45:57.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4415 (GCVE-0-2019-4415)

    Vulnerability from nvd – Published: 2019-07-25 14:30 – Updated: 2024-09-16 23:16
    VLAI
    Summary
    IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887857"
              },
              {
                "name": "ibm-cloud-cve20194415-priv-escalation (162706)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.3,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/I:L/C:L/A:L/UI:N/PR:N/AC:H/S:U/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T14:30:21.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887857"
            },
            {
              "name": "ibm-cloud-cve20194415-priv-escalation (162706)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162706"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-07-23T00:00:00",
              "ID": "CVE-2019-4415",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "H",
                  "AV": "L",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10887857",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 887857 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10887857"
                },
                {
                  "name": "ibm-cloud-cve20194415-priv-escalation (162706)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162706"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4415",
        "datePublished": "2019-07-25T14:30:21.128Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:16:50.754Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4439 (GCVE-0-2019-4439)

    Vulnerability from nvd – Published: 2019-07-25 14:30 – Updated: 2024-09-16 17:43
    VLAI
    Summary
    IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.
    CWE
    • Gain Privileges
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:38.227Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884892"
              },
              {
                "name": "ibm-cloud-cve20194439-session-fixation (162949)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162949"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.2,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:L/AV:L/C:L/A:L/AC:L/S:U/PR:N/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T14:30:21.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884892"
            },
            {
              "name": "ibm-cloud-cve20194439-session-fixation (162949)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162949"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-07-23T00:00:00",
              "ID": "CVE-2019-4439",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "L",
                  "AC": "L",
                  "AV": "L",
                  "C": "L",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10884892",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 884892 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10884892"
                },
                {
                  "name": "ibm-cloud-cve20194439-session-fixation (162949)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/162949"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4439",
        "datePublished": "2019-07-25T14:30:21.204Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:43:10.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4116 (GCVE-0-2019-4116)

    Vulnerability from nvd – Published: 2019-07-25 14:30 – Updated: 2024-09-16 18:09
    VLAI
    Summary
    IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-07-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.926Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885318"
              },
              {
                "name": "ibm-cloud-cve20194116-info-disc (158115)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158115"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/I:N/AV:L/C:H/A:N/UI:N/PR:L/S:U/AC:L/RC:C/RL:O/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-25T14:30:20.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885318"
            },
            {
              "name": "ibm-cloud-cve20194116-info-disc (158115)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158115"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-07-23T00:00:00",
              "ID": "CVE-2019-4116",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10885318",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885318 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10885318"
                },
                {
                  "name": "ibm-cloud-cve20194116-info-disc (158115)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158115"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4116",
        "datePublished": "2019-07-25T14:30:20.949Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:25.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4142 (GCVE-0-2019-4142)

    Vulnerability from nvd – Published: 2019-06-18 14:30 – Updated: 2024-09-16 18:48
    VLAI
    Summary
    IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-06-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:28.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885434"
              },
              {
                "name": "ibm-cloud-cve20194142-csrf (158338)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.8,
                "temporalSeverity": "LOW",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/C:N/A:N/UI:R/I:L/S:U/AV:N/AC:L/PR:N/RL:O/E:U/RC:C",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-18T14:30:18.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885434"
            },
            {
              "name": "ibm-cloud-cve20194142-csrf (158338)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-06-14T00:00:00",
              "ID": "CVE-2019-4142",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "N",
                  "S": "U",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10885434",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 885434 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10885434"
                },
                {
                  "name": "ibm-cloud-cve20194142-csrf (158338)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158338"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4142",
        "datePublished": "2019-06-18T14:30:18.274Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:48:56.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4239 (GCVE-0-2019-4239)

    Vulnerability from nvd – Published: 2019-06-14 14:45 – Updated: 2024-09-16 17:18
    VLAI
    Summary
    IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM MQ Advanced Cloud Pak (IBM Cloud Private) Affected: 1.0.0
    Affected: 1.1.0
    Affected: 1.2.0
    Affected: 1.3.0
    Affected: 2.0.0
    Affected: 2.1.0
    Affected: 2.2.0
    Affected: 2.2.1
    Affected: 2.2.2
    Affected: 2.2.3
    Affected: 3.0.0
    Affected: 3.0.1
    Create a notification for this product.
    IBM MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift) Affected: 1.0.0
    Affected: 1.1.0
    Affected: 1.2.0
    Affected: 1.3.0
    Affected: 2.0.0
    Affected: 2.1.0
    Affected: 2.2.0
    Affected: 2.2.1
    Affected: 2.2.2
    Affected: 2.2.3
    Affected: 3.0.0
    Affected: 3.0.1
    Create a notification for this product.
    Date Public
    2019-06-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:33:37.768Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886591"
              },
              {
                "name": "ibm-mq-cve20194239-info-disc (159465)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MQ Advanced Cloud Pak (IBM Cloud Private)",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2.2"
                },
                {
                  "status": "affected",
                  "version": "2.2.3"
                },
                {
                  "status": "affected",
                  "version": "3.0.0"
                },
                {
                  "status": "affected",
                  "version": "3.0.1"
                }
              ]
            },
            {
              "product": "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.1.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                },
                {
                  "status": "affected",
                  "version": "1.3.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.0"
                },
                {
                  "status": "affected",
                  "version": "2.2.1"
                },
                {
                  "status": "affected",
                  "version": "2.2.2"
                },
                {
                  "status": "affected",
                  "version": "2.2.3"
                },
                {
                  "status": "affected",
                  "version": "3.0.0"
                },
                {
                  "status": "affected",
                  "version": "3.0.1"
                }
              ]
            }
          ],
          "datePublic": "2019-06-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.4,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/PR:N/A:N/S:U/AV:L/I:N/AC:L/UI:N/C:H/RL:O/RC:C/E:U",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-14T14:45:17.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886591"
            },
            {
              "name": "ibm-mq-cve20194239-info-disc (159465)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-06-07T00:00:00",
              "ID": "CVE-2019-4239",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MQ Advanced Cloud Pak (IBM Cloud Private)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.1.0"
                              },
                              {
                                "version_value": "1.2.0"
                              },
                              {
                                "version_value": "1.3.0"
                              },
                              {
                                "version_value": "2.0.0"
                              },
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "2.2.0"
                              },
                              {
                                "version_value": "2.2.1"
                              },
                              {
                                "version_value": "2.2.2"
                              },
                              {
                                "version_value": "2.2.3"
                              },
                              {
                                "version_value": "3.0.0"
                              },
                              {
                                "version_value": "3.0.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "MQ Advanced Cloud Pak (IBM Cloud Private on RedHat OpenShift)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.0.0"
                              },
                              {
                                "version_value": "1.1.0"
                              },
                              {
                                "version_value": "1.2.0"
                              },
                              {
                                "version_value": "1.3.0"
                              },
                              {
                                "version_value": "2.0.0"
                              },
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "2.2.0"
                              },
                              {
                                "version_value": "2.2.1"
                              },
                              {
                                "version_value": "2.2.2"
                              },
                              {
                                "version_value": "2.2.3"
                              },
                              {
                                "version_value": "3.0.0"
                              },
                              {
                                "version_value": "3.0.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM MQ Advanced Cloud Pak (IBM Cloud Private 1.0.0 through 3.0.1) stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 159465."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "N",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10886591",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 886591 (Application Integration and Connectivity)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10886591"
                },
                {
                  "name": "ibm-mq-cve20194239-info-disc (159465)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4239",
        "datePublished": "2019-06-14T14:45:18.008Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:18:34.429Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4119 (GCVE-0-2019-4119)

    Vulnerability from nvd – Published: 2019-05-17 15:20 – Updated: 2024-09-16 18:44
    VLAI
    Summary
    IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
    CWE
    • Other
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 2.1.0
    Affected: 3.1.0
    Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-05-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878460"
              },
              {
                "name": "ibm-cloud-cve20194119-proxy (158145)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158145"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-05-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 2.7,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/S:U/A:N/AC:H/I:L/C:N/AV:N/UI:N/PR:L/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-17T15:20:16.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878460"
            },
            {
              "name": "ibm-cloud-cve20194119-proxy (158145)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158145"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-05-15T00:00:00",
              "ID": "CVE-2019-4119",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.1.0"
                              },
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "N",
                  "C": "N",
                  "I": "L",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10878460",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 878460 (Cloud Private)",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10878460"
                },
                {
                  "name": "ibm-cloud-cve20194119-proxy (158145)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158145"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4119",
        "datePublished": "2019-05-17T15:20:16.726Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:44:04.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-4143 (GCVE-0-2019-4143)

    Vulnerability from nvd – Published: 2019-04-08 14:50 – Updated: 2024-09-17 00:10
    VLAI
    Summary
    The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Affected: 3.1.2
    Create a notification for this product.
    Date Public
    2019-04-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:26:27.973Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878180"
              },
              {
                "name": "ibm-cloud-cve20194143-info-disc (158348)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158348"
              },
              {
                "name": "107849",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107849"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                },
                {
                  "status": "affected",
                  "version": "3.1.2"
                }
              ]
            }
          ],
          "datePublic": "2019-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 4.8,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/UI:N/S:U/C:H/AC:L/I:N/A:N/PR:L/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-10T15:06:15.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878180"
            },
            {
              "name": "ibm-cloud-cve20194143-info-disc (158348)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158348"
            },
            {
              "name": "107849",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107849"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-04-02T00:00:00",
              "ID": "CVE-2019-4143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              },
                              {
                                "version_value": "3.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "L",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10878180",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 878180 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10878180"
                },
                {
                  "name": "ibm-cloud-cve20194143-info-disc (158348)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/158348"
                },
                {
                  "name": "107849",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107849"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2019-4143",
        "datePublished": "2019-04-08T14:50:38.168Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:10:51.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1943 (GCVE-0-2018-1943)

    Vulnerability from nvd – Published: 2019-04-08 14:50 – Updated: 2024-09-16 18:29
    VLAI
    Summary
    IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.0
    Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.336Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871656"
              },
              {
                "name": "ibm-cloud-cve20181943-header-injection (153385)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153385"
              },
              {
                "name": "107828",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107828"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                },
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 4.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/UI:R/S:C/C:L/AC:L/I:L/PR:L/A:N/RC:C/E:U/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-10T09:06:03.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871656"
            },
            {
              "name": "ibm-cloud-cve20181943-header-injection (153385)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153385"
            },
            {
              "name": "107828",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107828"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-04-04T00:00:00",
              "ID": "CVE-2018-1943",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.0"
                              },
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "L",
                  "I": "L",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871656",
                  "refsource": "CONFIRM",
                  "title": "IBM Security Bulletin 871656 (Cloud Private)",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871656"
                },
                {
                  "name": "ibm-cloud-cve20181943-header-injection (153385)",
                  "refsource": "XF",
                  "title": "X-Force Vulnerability Report",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153385"
                },
                {
                  "name": "107828",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107828"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1943",
        "datePublished": "2019-04-08T14:50:37.897Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:29:25.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1937 (GCVE-0-2018-1937)

    Vulnerability from nvd – Published: 2019-03-05 18:00 – Updated: 2024-09-17 02:36
    VLAI
    Summary
    IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871766"
              },
              {
                "name": "ibm-cloud-cve20181937-info-disc(153317)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317"
              },
              {
                "name": "107300",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107300"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871766"
            },
            {
              "name": "ibm-cloud-cve20181937-info-disc(153317)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317"
            },
            {
              "name": "107300",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107300"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-03-02T00:00:00",
              "ID": "CVE-2018-1937",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871766",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871766"
                },
                {
                  "name": "ibm-cloud-cve20181937-info-disc(153317)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153317"
                },
                {
                  "name": "107300",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107300"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1937",
        "datePublished": "2019-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:36:57.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1938 (GCVE-0-2018-1938)

    Vulnerability from nvd – Published: 2019-03-05 18:00 – Updated: 2024-09-16 18:03
    VLAI
    Summary
    IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.591Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ibm-cloud-cve20181938-info-disc(153318)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
              },
              {
                "name": "107299",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107299"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.9,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "ibm-cloud-cve20181938-info-disc(153318)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
            },
            {
              "name": "107299",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107299"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-03-02T00:00:00",
              "ID": "CVE-2018-1938",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ibm-cloud-cve20181938-info-disc(153318)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153318"
                },
                {
                  "name": "107299",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107299"
                },
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871770",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871770"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1938",
        "datePublished": "2019-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:03:16.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1939 (GCVE-0-2018-1939)

    Vulnerability from nvd – Published: 2019-03-05 18:00 – Updated: 2024-09-16 18:14
    VLAI
    Summary
    IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.
    CWE
    • Gain Access
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.1
    Create a notification for this product.
    Date Public
    2019-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:39.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "107302",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107302"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871652"
              },
              {
                "name": "ibm-cloud-cve20181939-open-redirect(153319)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "CHANGED",
                "temporalScore": 5.9,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:L/S:C/UI:R/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Gain Access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-07T10:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "name": "107302",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107302"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871652"
            },
            {
              "name": "ibm-cloud-cve20181939-open-redirect(153319)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2019-03-02T00:00:00",
              "ID": "CVE-2018-1939",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319."
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "L",
                  "AV": "N",
                  "C": "N",
                  "I": "H",
                  "PR": "L",
                  "S": "C",
                  "UI": "R"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Gain Access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "107302",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107302"
                },
                {
                  "name": "https://www.ibm.com/support/docview.wss?uid=ibm10871652",
                  "refsource": "CONFIRM",
                  "url": "https://www.ibm.com/support/docview.wss?uid=ibm10871652"
                },
                {
                  "name": "ibm-cloud-cve20181939-open-redirect(153319)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153319"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1939",
        "datePublished": "2019-03-05T18:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:14:30.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1843 (GCVE-0-2018-1843)

    Vulnerability from nvd – Published: 2018-11-21 15:00 – Updated: 2024-09-16 18:04
    VLAI
    Summary
    The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903
    CWE
    • Obtain Information
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Cloud Private Affected: 3.1.0
    Create a notification for this product.
    Date Public
    2018-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:14:38.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ibm.com/support/docview.wss?uid=ibm10739845"
              },
              {
                "name": "ibm-cloud-cve20181843-info-disc(150903)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150903"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cloud Private",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.1.0"
                }
              ]
            }
          ],
          "datePublic": "2018-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitCodeMaturity": "UNPROVEN",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 3.6,
                "temporalSeverity": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/A:N/AC:H/AV:L/C:H/I:N/PR:H/S:U/UI:N/E:U/RC:C/RL:O",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Obtain Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-21T14:57:01.000Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10739845"
            },
            {
              "name": "ibm-cloud-cve20181843-info-disc(150903)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150903"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@us.ibm.com",
              "DATE_PUBLIC": "2018-11-19T00:00:00",
              "ID": "CVE-2018-1843",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cloud Private",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "3.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "IBM"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903"
                }
              ]
            },
            "impact": {
              "cvssv3": {
                "BM": {
                  "A": "N",
                  "AC": "H",
                  "AV": "L",
                  "C": "H",
                  "I": "N",
                  "PR": "H",
                  "S": "U",
                  "UI": "N"
                },
                "TM": {
                  "E": "U",
                  "RC": "C",
                  "RL": "O"
                }
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Obtain Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.ibm.com/support/docview.wss?uid=ibm10739845",
                  "refsource": "CONFIRM",
                  "url": "http://www.ibm.com/support/docview.wss?uid=ibm10739845"
                },
                {
                  "name": "ibm-cloud-cve20181843-info-disc(150903)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150903"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2018-1843",
        "datePublished": "2018-11-21T15:00:00.000Z",
        "dateReserved": "2017-12-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:04:24.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }