Intra-service communications between IBM Cloud Private Identity and Access Management (IAM) service and Openshift uses http
CVEID: CVE-2018-1937 DESCRIPTION: IBM Cloud Private could allow a local user with administrator privileges to intercept highly sensitive unencrypted data.
CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153317> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
IBM Cloud Private 3.1.1
For IBM Cloud Private 3.1.1:
- Encrypt cluster data network traffic with IPsec as described in the IBM Cloud Private Knowledge Center. This will create encrypted channels between all nodes and the services running on those nodes
or
- Upgrade to version 3.1.2 which can be obtained from IBM Passport Advantage
See Remediation/Fixes