EUVD-2019-14005

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM Cloud Orchestrator vulnerabilities allow local users to access sensitive SessionManagement cookies.

Reporter	Title	Published	Views	Family All 8
IBM Security Bulletins	Security Bulletin: A security vulnerability affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition (CVE-2019-4398)	23 Oct 201907:47	–	ibm
Circl	CVE-2019-4398	27 Jan 202410:41	–	circl
CNVD	IBM Cloud Orchestrator Information Disclosure Vulnerability (CNVD-2019-39208)	24 Oct 201900:00	–	cnvd
CVE	CVE-2019-4398	24 Oct 201912:00	–	cve
Cvelist	CVE-2019-4398	24 Oct 201912:00	–	cvelist
NVD	CVE-2019-4398	24 Oct 201912:15	–	nvd
Prion	Code injection	24 Oct 201912:15	–	prion
Symantec	IBM Cloud Orchestrator CVE-2019-4398 Local Information Disclosure Vulnerability	23 Oct 201900:00	–	symantec

[
  {
    "enisaIdVendor": [
      {
        "id": "0918a9bf-dc19-36b4-85df-decb1db55ef4",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "18835eec-bf2f-3fc7-b56d-95dab8c3589f",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.1"
      },
      {
        "id": "191e13d5-5c53-3396-80fb-45a02239ae42",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.2"
      },
      {
        "id": "2e880771-8eb0-3ee3-8346-547ccbd67564",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.5"
      },
      {
        "id": "51e57f3a-d8b6-3283-a6bc-1eaf1764de68",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.3"
      },
      {
        "id": "59ff66d9-1061-3a12-96bd-1c320977023d",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.7"
      },
      {
        "id": "6ea33a46-e934-376b-a2f0-05a026bbea01",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.4"
      },
      {
        "id": "6ece0f44-26d6-36cf-8016-8fd9fbd16d94",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.6"
      },
      {
        "id": "88a366d9-aab2-3bba-bb75-8e7e5dfa8d9a",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.4"
      },
      {
        "id": "980b1d36-5275-3614-8771-f3b4586ee825",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4"
      },
      {
        "id": "99fd2285-178f-3ae5-b53c-a6bc97e83e59",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.5"
      },
      {
        "id": "9e00eb95-c87f-3c01-b464-8dbe54b6f7dc",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.8"
      },
      {
        "id": "a2887324-333c-3a15-be6e-d084b0a331ee",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.1"
      },
      {
        "id": "a4602b73-004f-3ce6-80ce-988da41e7394",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.2"
      },
      {
        "id": "c4b0c11f-6b88-3f4a-b9ed-d3b35beff782",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.3"
      },
      {
        "id": "db8e9769-4638-3ae2-a4cd-9c9b61aa7610",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5"
      },
      {
        "id": "e681943f-c2f9-3078-a063-335641fef974",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.9"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/1077123
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/162259
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

4.6Medium risk

Vulners AI Score4.6

CVSS 34

CVSS 22.1

CVSS 3.13.3

EPSS0.00085