CVE-2019-4459

Summary

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 163656.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Orchestrator2.4affected
IBMCloud Orchestrator2.4.0.1affected
IBMCloud Orchestrator2.4.0.2affected
IBMCloud Orchestrator2.5affected
IBMCloud Orchestrator2.5.0.1affected
IBMCloud Orchestrator2.4.0.3affected
IBMCloud Orchestrator2.5.0.2affected
IBMCloud Orchestrator2.4.0.4affected
IBMCloud Orchestrator2.5.0.3affected
IBMCloud Orchestrator2.5.0.4affected
IBMCloud Orchestrator2.4.0.5affected
IBMCloud Orchestrator2.5.0.5affected
IBMCloud Orchestrator2.5.0.6affected
IBMCloud Orchestrator2.5.0.7affected
IBMCloud Orchestrator2.5.0.8affected
IBMCloud Orchestrator2.5.0.9affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References