CVE-2018-1938 : IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges

IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.

Published 2019-03-05 18:29:00

Updated 2019-10-09 23:39:24

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2018-1938

IBM » Cloud Private » Version: 3.1.1
cpe:2.3:a:ibm:cloud_private:3.1.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-1938

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 4 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-1938

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.4	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	0.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
4.4	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	0.8	3.6	IBM Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2018-1938

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1938

http://www.securityfocus.com/bid/107299

IBM Cloud Private CVE-2018-1938 Local Information Disclosure Vulnerability
Third Party Advisory;VDB Entry
https://www.ibm.com/support/docview.wss?uid=ibm10871770

IBM Security Bulletin: A Security Vulnerability affects IBM Cloud Private - CVE-2018-1938
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/153318

IBM Cloud Private information disclosure CVE-2018-1938 Vulnerability Report
VDB Entry;Vendor Advisory

Jump to

Vulnerability Details : CVE-2018-1938

Products affected by CVE-2018-1938

Exploit prediction scoring system (EPSS) score for CVE-2018-1938

CVSS scores for CVE-2018-1938

CWE ids for CVE-2018-1938

References for CVE-2018-1938