HTTP Response Splitting Vulnerability in IBM Cloud Orchestrator
CVE-2019-4461

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Cloud Orchestrator
Vendor: CVE Published:; 25 October 2019

Summary

IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 are susceptible to an HTTP Response Splitting vulnerability. This vulnerability arises from improper content caching, enabling attackers to exploit it for malicious purposes, including Web Cache Poisoning and Cross-Site Scripting (XSS). Consequently, attackers may gain access to sensitive information or manipulate content delivered to users. It is crucial for organizations using these versions to implement the necessary fixes as detailed in IBM's advisories.

Affected Version(s)

Cloud Orchestrator 2.4

Cloud Orchestrator 2.4.0.1

Cloud Orchestrator 2.4.0.2

References

https://www.ibm.com/support/pages/node/1072684

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/163682

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 25, 2019
Vulnerability Reserved
Jan 3, 2019