CVE-2018-1841

CWE-200Information Exposure3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 84.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud Private
Timeline
PublishedNov 19
Latest updateMay 13

Description

IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. IBM X-Force ID: 150901.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cloud_private2.1.0

🔴Vulnerability Details

2
GHSA
GHSA-rmqq-pf3r-fxfx: IBM Cloud Private 22022-05-13
CVEList
CVE-2018-1841: IBM Cloud Private 22018-11-19
CVE-2018-1841 (MEDIUM CVSS 5.5) | IBM Cloud Private 2.1.0 could allow | cvebase.io