CVE-2019-4397

EUVD-2019-14004
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ibmCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.0/AC:H/UI:N/S:U/PR:L/C:H/A:N/I:N/AV:N/RL:O/RC:C/E:U
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
ibmcloud_orchestrator
2.4 ≤
𝑥
≤ 2.4.0.5
ibmcloud_orchestrator
2.5 ≤
𝑥
≤ 2.5.0.9
ibmcloud_orchestrator_enterprise
2.4 ≤
𝑥
≤ 2.4.0.5
ibmcloud_orchestrator_enterprise
2.5 ≤
𝑥
≤ 2.5.0.9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/162239
https://www.ibm.com/support/pages/node/1077147
https://exchange.xforce.ibmcloud.com/vulnerabilities/162239
https://www.ibm.com/support/pages/node/1077147