CVE-2018-1843

MEDIUM Year: 2018
CVSS v3 Score
4.1
Medium
CVSS v2 Score
1.9
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data. IBM X-Force ID: 150903

Related Vulnerabilities

CVE-2014-0872

MEDIUM
CVSS:4.1(Medium)

The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force ...

CWE-2002014

CVE-2015-7487

MEDIUM
CVSS:4.1(Medium)

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3 ...

CWE-2002015

CVE-2016-1490

MEDIUM
CVSS:4.1(Medium)

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.

CWE-2002016

CVE-2016-5504

MEDIUM
CVSS:4.1(Medium)

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confid...

CWE-2002016

CVE-2016-8313

MEDIUM
CVSS:4.1(Medium)

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2....

CWE-2002016

CVE-2019-3811

MEDIUM
CVSS:4.1(Medium)

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impa...

CWE-2002019