IBM Cloud Private ingress log files contain sensitive information
CVEID: CVE-2019-4284 DESCRIPTION: IBM Cloud Private could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user.
CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160512> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
For IBM Cloud Private 3.1.2, apply patch:
For IBM Cloud Private 3.1.1, apply patch:
For IBM Cloud Private 3.1.0, apply patch:
For IBM Cloud Private, 2.1.x:
None