CVE-2019-4143

CWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 84.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud Private
Timeline
PublishedApr 8
Latest updateMay 14

Description

The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/cloud_private3.1.1, 3.1.2+1
NVDibm/cloud_private3.1.1, 3.1.2+1

🔴Vulnerability Details

2
GHSA
GHSA-rxvw-fjr2-pcjp: The IBM Cloud Private Key Management Service (IBM Cloud Private 32022-05-14
CVEList
CVE-2019-4143: The IBM Cloud Private Key Management Service (IBM Cloud Private 32019-04-08
CVE-2019-4143 (MEDIUM CVSS 5.5) | The IBM Cloud Private Key Managemen | cvebase.io