CVE-2019-4461

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Orchestrator
Vendor: CVE Published:; 25 October 2019

Summary

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.

Affected Version(s)

Cloud Orchestrator 2.4

Cloud Orchestrator 2.4.0.1

Cloud Orchestrator 2.4.0.2

References

https://www.ibm.com/support/pages/node/1072684

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/163682

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 25, 2019
Vulnerability Reserved
Jan 3, 2019