CVE-2019-4396

🗓️ 25 Oct 2019 16:30:36Reported by ibmType

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks

Reporter	Title	Published	Views	Family All 8
IBM Security Bulletins	Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4396)	23 Oct 201919:10	–	ibm
Circl	CVE-2019-4396	29 Jan 202408:41	–	circl
CNVD	IBM Cloud Orchestrator HTTP Response Splitting Vulnerability	28 Oct 201900:00	–	cnvd
Cvelist	CVE-2019-4396	25 Oct 201916:30	–	cvelist
EUVD	EUVD-2019-14003	7 Oct 202500:30	–	euvd
NVD	CVE-2019-4396	25 Oct 201917:15	–	nvd
Prion	Cross site scripting	25 Oct 201917:15	–	prion
Symantec	IBM Cloud Orchestrator CVE-2019-4396 CRLF Injection Vulnerability	23 Oct 201900:00	–	symantec

NVD

Vulners

Node

ibm cloud_orchestratorRange2.4.0.0–2.4.0.5-

ibm cloud_orchestratorRange2.4.0.0–2.4.0.5enterprise

ibm cloud_orchestratorRange2.5.0.0–2.5.0.9-

ibm cloud_orchestratorRange2.5.0.0–2.5.0.9enterprise

[
  {
    "product": "Cloud Orchestrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.4"
      },
      {
        "status": "affected",
        "version": "2.4.0.1"
      },
      {
        "status": "affected",
        "version": "2.4.0.2"
      },
      {
        "status": "affected",
        "version": "2.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.1"
      },
      {
        "status": "affected",
        "version": "2.4.0.3"
      },
      {
        "status": "affected",
        "version": "2.5.0.2"
      },
      {
        "status": "affected",
        "version": "2.4.0.4"
      },
      {
        "status": "affected",
        "version": "2.5.0.3"
      },
      {
        "status": "affected",
        "version": "2.5.0.4"
      },
      {
        "status": "affected",
        "version": "2.4.0.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.6"
      },
      {
        "status": "affected",
        "version": "2.5.0.7"
      },
      {
        "status": "affected",
        "version": "2.5.0.8"
      },
      {
        "status": "affected",
        "version": "2.5.0.9"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/1096354
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/162236

21 Nov 2024 04:43Current

5.5Medium risk

Vulners AI Score5.5

CVSS 23.5

CVSS 3.15.4

CVSS 35.4

EPSS0.00177

CWE-74