CVE-2019-4461
5.4
CVSS:3.0/AV:N/AC:L/I:L/PR:L/S:C/C:L/A:N/UI:R/E:U/RL:O/RC:C
Summary
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | Cloud Orchestrator | 2.4 | affected |
| IBM | Cloud Orchestrator | 2.4.0.1 | affected |
| IBM | Cloud Orchestrator | 2.4.0.2 | affected |
| IBM | Cloud Orchestrator | 2.5 | affected |
| IBM | Cloud Orchestrator | 2.5.0.1 | affected |
| IBM | Cloud Orchestrator | 2.4.0.3 | affected |
| IBM | Cloud Orchestrator | 2.5.0.2 | affected |
| IBM | Cloud Orchestrator | 2.4.0.4 | affected |
| IBM | Cloud Orchestrator | 2.5.0.3 | affected |
| IBM | Cloud Orchestrator | 2.5.0.4 | affected |
| IBM | Cloud Orchestrator | 2.4.0.5 | affected |
| IBM | Cloud Orchestrator | 2.5.0.5 | affected |
| IBM | Cloud Orchestrator | 2.5.0.6 | affected |
| IBM | Cloud Orchestrator | 2.5.0.7 | affected |
| IBM | Cloud Orchestrator | 2.5.0.8 | affected |
| IBM | Cloud Orchestrator | 2.5.0.9 | affected |
Weaknesses
- Gain Access
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/1072684
- https://exchange.xforce.ibmcloud.com/vulnerabilities/163682
References
- https://www.ibm.com/support/pages/node/1072684
- https://exchange.xforce.ibmcloud.com/vulnerabilities/163682
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.