CVE-2018-1939
https://notcve.org/view.php?id=CVE-2018-1939
IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319. • http://www.securityfocus.com/bid/107302 https://exchange.xforce.ibmcloud.com/vulnerabilities/153319 https://www.ibm.com/support/docview.wss?uid=ibm10871652 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-1937
https://notcve.org/view.php?id=CVE-2018-1937
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153317. • http://www.securityfocus.com/bid/107300 https://exchange.xforce.ibmcloud.com/vulnerabilities/153317 https://www.ibm.com/support/docview.wss?uid=ibm10871766 • CWE-311: Missing Encryption of Sensitive Data
CVE-2018-1938
https://notcve.org/view.php?id=CVE-2018-1938
IBM Cloud Private 3.1.1 could allow a local user with administrator privileges to intercept highly sensitive unencrypted data. IBM X-Force ID: 153318. • http://www.securityfocus.com/bid/107299 https://exchange.xforce.ibmcloud.com/vulnerabilities/153318 https://www.ibm.com/support/docview.wss?uid=ibm10871770 • CWE-311: Missing Encryption of Sensitive Data
CVE-2018-1843
https://notcve.org/view.php?id=CVE-2018-1843
The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information; this applies only when they are accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903. • http://www.ibm.com/support/docview.wss?uid=ibm10739845 https://exchange.xforce.ibmcloud.com/vulnerabilities/150903 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor