CVE-2019-4143
Description
The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM Cloud Private Key Management Service (3.1.1, 3.1.2) exposes sensitive information to local users via KMS plugin container logs.
Vulnerability
IBM Cloud Private versions 3.1.1 and 3.1.2 contain a vulnerability in the Key Management Service (KMS) plugin container. Under default configurations, sensitive data may be written to the container's log files, making it accessible to any local user with the ability to read those logs [1].
Exploitation
An attacker must already have local access to the IBM Cloud Private system (i.e., a valid user account or the ability to execute commands locally). No special privileges beyond standard local user rights are required. The attacker reads the KMS plugin container log files where sensitive information is inadvertently recorded [1].
Impact
Successful exploitation results in the disclosure of sensitive information, which could include cryptographic keys or other secrets managed by the KMS. This compromises confidentiality (C) with no impact on integrity or availability as per the CVSS vector [1].
Mitigation
IBM has released fixes for IBM Cloud Private versions 3.1.1 and 3.1.2. Customers should apply the appropriate update as described in the security bulletin [1]. No workaround is documented in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 3.1.1 and 3.1.2
- IBM/Cloud Privatev5Range: 3.1.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.securityfocus.com/bid/107849mitrevdb-entryx_refsource_BID
- exchange.xforce.ibmcloud.com/vulnerabilities/158348mitrevdb-entryx_refsource_XF
- www.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.