CVE-2019-4397
Last modified
CVE-2019-4397 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. EPSS estimates a 0.96% chance of exploitation in the next 30 days.
Description
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Cloud Orchestrator | >= 2.4, <= 2.4.0.5 |
| Ibm | Cloud Orchestrator | >= 2.5, <= 2.5.0.9 |
| Ibm | Cloud Orchestrator Enterprise | >= 2.4, <= 2.4.0.5 |
| Ibm | Cloud Orchestrator Enterprise | >= 2.5, <= 2.5.0.9 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/162239VDB Entry, Vendor Advisory
- https://www.ibm.com/support/pages/node/1077147Patch, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/162239VDB Entry, Vendor Advisory
- https://www.ibm.com/support/pages/node/1077147Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-4397?
How severe is CVE-2019-4397?
How do I fix CVE-2019-4397?
Are you affected by CVE-2019-4397?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST