Lucene search

[email protected]CVE-2019-4397

HistoryOct 24, 2019 - 12:15 p.m.

CVE-2019-4397

2019-10-2412:15:11

CWE-200

[email protected]

web.nvd.nist.gov

ibm

cloud orchestrator

security

information disclosure

vulnerability

url parameters

ibm x-force

nvd

cve-2019-4397

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.0%

JSON

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239

Affected configurations

Vulners

NVD

Node

ibmcloud_orchestratorMatch2.4

ibmcloud_orchestratorMatch2.4.0.1

ibmcloud_orchestratorMatch2.4.0.2

ibmcloud_orchestratorMatch2.5

ibmcloud_orchestratorMatch2.5.0.1

ibmcloud_orchestratorMatch2.4.0.3

ibmcloud_orchestratorMatch2.5.0.2

ibmcloud_orchestratorMatch2.4.0.4

ibmcloud_orchestratorMatch2.5.0.3

ibmcloud_orchestratorMatch2.5.0.4

ibmcloud_orchestratorMatch2.4.0.5

ibmcloud_orchestratorMatch2.5.0.5

ibmcloud_orchestratorMatch2.5.0.6

ibmcloud_orchestratorMatch2.5.0.7

ibmcloud_orchestratorMatch2.5.0.8

ibmcloud_orchestratorMatch2.5.0.9

VendorProductVersionCPE
ibmcloud_orchestrator2.4cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*
ibmcloud_orchestrator2.4.0.1cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*
ibmcloud_orchestrator2.4.0.2cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*
ibmcloud_orchestrator2.5cpe:2.3:a:ibm:cloud_orchestrator:2.5:*:*:*:*:*:*:*
ibmcloud_orchestrator2.5.0.1cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.1:*:*:*:*:*:*:*
ibmcloud_orchestrator2.4.0.3cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3:*:*:*:*:*:*:*
ibmcloud_orchestrator2.5.0.2cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.2:*:*:*:*:*:*:*
ibmcloud_orchestrator2.4.0.4cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.4:*:*:*:*:*:*:*
ibmcloud_orchestrator2.5.0.3cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.3:*:*:*:*:*:*:*
ibmcloud_orchestrator2.5.0.4cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	cloud_orchestrator	2.4	cpe:2.3:a:ibm:cloud_orchestrator:2.4:::::::*
ibm	cloud_orchestrator	2.4.0.1	cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1:::::::*
ibm	cloud_orchestrator	2.4.0.2	cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:::::::*
ibm	cloud_orchestrator	2.5	cpe:2.3:a:ibm:cloud_orchestrator:2.5:::::::*
ibm	cloud_orchestrator	2.5.0.1	cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.1:::::::*
ibm	cloud_orchestrator	2.4.0.3	cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3:::::::*
ibm	cloud_orchestrator	2.5.0.2	cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.2:::::::*
ibm	cloud_orchestrator	2.4.0.4	cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.4:::::::*
ibm	cloud_orchestrator	2.5.0.3	cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.3:::::::*
ibm	cloud_orchestrator	2.5.0.4	cpe:2.3:a:ibm:cloud_orchestrator:2.5.0.4:::::::*

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "Cloud Orchestrator",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "2.4"
      },
      {
        "status": "affected",
        "version": "2.4.0.1"
      },
      {
        "status": "affected",
        "version": "2.4.0.2"
      },
      {
        "status": "affected",
        "version": "2.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.1"
      },
      {
        "status": "affected",
        "version": "2.4.0.3"
      },
      {
        "status": "affected",
        "version": "2.5.0.2"
      },
      {
        "status": "affected",
        "version": "2.4.0.4"
      },
      {
        "status": "affected",
        "version": "2.5.0.3"
      },
      {
        "status": "affected",
        "version": "2.5.0.4"
      },
      {
        "status": "affected",
        "version": "2.4.0.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.6"
      },
      {
        "status": "affected",
        "version": "2.5.0.7"
      },
      {
        "status": "affected",
        "version": "2.5.0.8"
      },
      {
        "status": "affected",
        "version": "2.5.0.9"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/162239

www.ibm.com/support/pages/node/1077147

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.0%

JSON

Related for CVE-2019-4397

prion1 cvelist1 ibm1 symantec1 nvd1