Vulnerabilities > IBM > Cloud Private > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-05 | CVE-2018-1937 | Missing Encryption of Sensitive Data vulnerability in IBM Cloud Private 3.1.1 IBM Cloud Private 3.1.1 could alllow a local user with administrator privileges to intercept highly sensitive unencrypted data. | 4.4 |
| 2018-11-21 | CVE-2018-1843 | Information Exposure vulnerability in IBM Cloud Private 3.1.0 The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. | 4.1 |
| 2018-11-19 | CVE-2018-1841 | Information Exposure vulnerability in IBM Cloud Private 2.1.0 IBM Cloud Private 2.1.0 could allow a local user to obtain the CA Private Key due to it being world readable in boot/master node. | 5.5 |