Local Email Sending Vulnerability in IBM Cloud Orchestrator
CVE-2019-4394

2.3LOW

Key Information:

Vendor
IBM
Status
Cloud Orchestrator
Vendor
CVE Published:
25 October 2019

Summary

IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 may allow local users to leverage specific API functionalities to send unsolicited emails. This could lead to unauthorized dissemination of information and potentially violate privacy policies.

Affected Version(s)

Cloud Orchestrator 2.4

Cloud Orchestrator 2.4.0.1

Cloud Orchestrator 2.4.0.2

References

https://www.ibm.com/support/pages/node/1097301
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/162232
vdb-entryx_refsource_XF

CVSS V3.1

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.