Vulnerabilities > IBM > Cloud Private
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-08 | CVE-2018-1943 | Injection vulnerability in IBM Cloud Private 3.1.0/3.1.1 IBM Cloud Private 3.1.0 and 3.1.1 is vulnerable to HTTP HOST header injection, caused by improper validation of input. | 5.4 |
| 2019-03-05 | CVE-2018-1939 | Open Redirect vulnerability in IBM Cloud Private 3.1.1 IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2019-03-05 | CVE-2018-1938 | Missing Encryption of Sensitive Data vulnerability in IBM Cloud Private 3.1.1 IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. | 4.4 |
| 2019-03-05 | CVE-2018-1937 | Missing Encryption of Sensitive Data vulnerability in IBM Cloud Private 3.1.1 IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. | 4.4 |
| 2018-11-21 | CVE-2018-1843 | Information Exposure vulnerability in IBM Cloud Private 3.1.0 The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. | 4.1 |
| 2018-11-19 | CVE-2018-1841 | Information Exposure vulnerability in IBM Cloud Private 2.1.0 IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. | 5.5 |