CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » Cloud Private » 3.1.1 : Security Vulnerabilities

Cpe Name:cpe:/a:ibm:cloud_private:3.1.1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-4439 384 2019-07-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.
2 CVE-2019-4415 264 2019-07-25 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706.
3 CVE-2019-4284 532 2019-08-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.
4 CVE-2019-4143 532 2019-04-08 2019-04-10
2.1
None Local Low Not required Partial None None
The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.
5 CVE-2019-4142 352 CSRF 2019-06-18 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338.
6 CVE-2019-4120 79 XSS 2019-08-20 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158146.
7 CVE-2019-4119 20 2019-05-17 2019-10-09
5.0
None Remote Low Not required None Partial None
IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.
8 CVE-2019-4117 352 CSRF 2019-08-20 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158116.
9 CVE-2019-4116 200 +Info 2019-07-25 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 2.1.0, 3.1.0, and 3.1.1 could disclose highly sensitive information in installer logs that could be use for further attacks against the system. IBM X-Force ID: 158115.
10 CVE-2018-1943 74 XSS 2019-04-08 2019-10-09
3.5
None Remote Medium Single system None Partial None
IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 153385.
11 CVE-2018-1939 601 +Info 2019-03-05 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319.
12 CVE-2018-1938 311 2019-03-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318.
13 CVE-2018-1937 311 2019-03-05 2019-10-09
2.1
None Local Low Not required Partial None None
IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317.
Total number of vulnerabilities : 13   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.