IBM20181121-9186

Added CVE-2018-1843
2025-06-10 02:04:31 +00:00 · 2018-11-21 09:18:06 -05:00 · 2018-11-21 09:18:06 -05:00 · 7c14c054c6
commit 7c14c054c6
parent 3353fc9ed9
1 changed files with 82 additions and 10 deletions
--- a/2018/1xxx/CVE-2018-1843.json
+++ b/2018/1xxx/CVE-2018-1843.json
@ -1,18 +1,90 @@
 {
-   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
-      "ID" : "CVE-2018-1843",
-      "STATE" : "RESERVED"
-   },
-   "data_format" : "MITRE",
   "data_type" : "CVE",
-   "data_version" : "4.0",
+   "data_format" : "MITRE",
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "vendor_name" : "IBM",
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Cloud Private",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "3.1.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               }
+            }
+         ]
+      }
+   },
+   "impact" : {
+      "cvssv3" : {
+         "TM" : {
+            "RC" : "C",
+            "E" : "U",
+            "RL" : "O"
+         },
+         "BM" : {
+            "A" : "N",
+            "S" : "U",
+            "C" : "H",
+            "I" : "N",
+            "SCORE" : "4.100",
+            "PR" : "H",
+            "AV" : "L",
+            "UI" : "N",
+            "AC" : "H"
+         }
+      }
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Obtain Information"
+               }
+            ]
+         }
+      ]
+   },
   "description" : {
      "description_data" : [
         {
-            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "The Identity and Access Management (IAM) services (IBM Cloud Private 3.1.0) do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data.  IBM X-Force ID:  150903",
+            "lang" : "eng"
         }
      ]
-   }
+   },
+   "CVE_data_meta" : {
+      "ASSIGNER" : "psirt@us.ibm.com",
+      "ID" : "CVE-2018-1843",
+      "STATE" : "PUBLIC",
+      "DATE_PUBLIC" : "2018-11-19T00:00:00"
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "title" : "IBM Security Bulletin 0739845 (Cloud Private)",
+            "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10739845",
+            "refsource" : "CONFIRM",
+            "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10739845"
+         },
+         {
+            "name" : "ibm-cloud-cve20181843-info-disc (150903)",
+            "title" : "X-Force Vulnerability Report",
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150903",
+            "refsource" : "XF"
+         }
+      ]
+   },
+   "data_version" : "4.0"
 }