CVE-2019-4143

Published: Apr 8, 2019Modified: Jun 17, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.

Affected (2)

Products: Ibm: Cloud Private

Ibm

1 product

Cloud Private

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ibm Cloud Private	Version 3.1.1
Ibm Cloud Private	Version 3.1.2

Related CWEs

CWE-532

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

http://www.securityfocus.com/bid/107849

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/158348

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10878180

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/107849

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/158348

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

https://www.ibm.com/support/docview.wss?uid=ibm10878180

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.