exploitDog

GHSA-rx49-5ww7-rr37

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.1

Описание

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

Ссылки

EPSS

Процентиль: 15%

0.00047

Низкий

4.1 Medium

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-1843

CVSS3: 4.1

nvd

около 7 лет назад

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

BDU:2018-01540

CVSS3: 4.1

fstec

около 7 лет назад

Уязвимость системы идентификации и управления доступом облачного хранилища IBM Cloud Private, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 15%

0.00047

Низкий

4.1 Medium

CVSS3

CVE ID

Дефекты

CWE-200