HTTP Response Splitting Vulnerability in IBM Cloud Orchestrator
CVE-2019-4461

5.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 25 October 2019

Summary

IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 are susceptible to an HTTP Response Splitting vulnerability. This vulnerability arises from improper content caching, enabling attackers to exploit it for malicious purposes, including Web Cache Poisoning and Cross-Site Scripting (XSS). Consequently, attackers may gain access to sensitive information or manipulate content delivered to users. It is crucial for organizations using these versions to implement the necessary fixes as detailed in IBM's advisories.

Affected Version(s)

Cloud Orchestrator 2.4

Cloud Orchestrator 2.4.0.1

Cloud Orchestrator 2.4.0.2

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
