HTTP Response Splitting Vulnerability in IBM Cloud Orchestrator
CVE-2019-4461
5.4 MEDIUM
Summary
IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 are susceptible to an HTTP Response Splitting vulnerability. This vulnerability arises from improper content caching, enabling attackers to exploit it for malicious purposes, including Web Cache Poisoning and Cross-Site Scripting (XSS). Consequently, attackers may gain access to sensitive information or manipulate content delivered to users. It is crucial for organizations using these versions to implement the necessary fixes as detailed in IBM's advisories.
Affected Version(s)
Cloud Orchestrator 2.4
Cloud Orchestrator 2.4.0.1
Cloud Orchestrator 2.4.0.2
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved