IBM Cloud Private is vulnerable to a security vulnerability
CVEID: CVE-2018-1843 DESCRIPTION: The Identity and Access Management (IAM) services do not use a secure channel, such as SSL, to exchange information only when accessed internally from within the cluster. It could be possible for an attacker with access to network traffic to sniff packets from the connection and uncover data.
CVSS Base Score: 4.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150903> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)
IBM Cloud Private 3.1.0
For IBM Cloud Private 3.1.0 release, upgrade to version 3.1.1
IPsec may by enabled in IBM Cloud Private to secure communications between cluster nodes. Refer to the IBM Knowledge Center topic - Encrypting cluster data network traffic with IPsec