CVE-2019-4284

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512.

Published : 2019-08-05 14:15 Updated : 2019-10-09 23:50

2.1
CVSS Score More info
Score 2.1 / 10
2.1
Vendor Product Version URI
Ibm Cloud Private 2.1.0 cpe:/a:ibm:cloud_private:2.1.0
Ibm Cloud Private 2.1.0.1 cpe:/a:ibm:cloud_private:2.1.0.1
Ibm Cloud Private 2.1.0.2 cpe:/a:ibm:cloud_private:2.1.0.2
Ibm Cloud Private 2.1.0.3 cpe:/a:ibm:cloud_private:2.1.0.3
Ibm Cloud Private 3.1.0 cpe:/a:ibm:cloud_private:3.1.0
Ibm Cloud Private 3.1.1 cpe:/a:ibm:cloud_private:3.1.1
Ibm Cloud Private 3.1.2 cpe:/a:ibm:cloud_private:3.1.2
  1. Ibm (1) Search CVE
    1. Cloud Private (7) Search CVE
      1. 2.1.0
      2. 2.1.0.1
      3. 2.1.0.2
      4. 2.1.0.3
      5. 3.1.0
      6. 3.1.1
      7. 3.1.2

CWE

ID Name Description Links
CWE-532 Information Exposure Through Log Files Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. CVE

History of changes

Date Event
2019-08-09 16:00
2019-08-05 14:15

New CVE