EUVD-2019-14007

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM Cloud Orchestrator versions 2.4 and 2.5 allow remote directory traversal via crafted URL requests

Reporter	Title	Published	Views	Family All 8
IBM Security Bulletins	Security Bulletin: A security vulnerability affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition (CVE-2019-4400)	23 Oct 201918:52	–	ibm
Circl	CVE-2019-4400	29 Jan 202408:41	–	circl
CNVD	IBM Cloud Orchestrator Path Traversal Vulnerability	28 Oct 201900:00	–	cnvd
CVE	CVE-2019-4400	25 Oct 201916:30	–	cve
Cvelist	CVE-2019-4400	25 Oct 201916:30	–	cvelist
NVD	CVE-2019-4400	25 Oct 201917:15	–	nvd
Prion	Design/Logic Flaw	25 Oct 201917:15	–	prion
Symantec	Multiple IBM Products CVE-2019-4400 Directory Traversal Vulnerability	23 Oct 201900:00	–	symantec

[
  {
    "enisaIdVendor": [
      {
        "id": "e57abe98-f424-3b73-8737-633d2a4c01ac",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "02fae19f-6c52-3b40-8e82-5c8b5eb0c2d6",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.9"
      },
      {
        "id": "04463056-4dc6-30d3-81dd-5f2ff2e208d6",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.1"
      },
      {
        "id": "120cb49b-51be-30b7-a262-8249478b6f94",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.3"
      },
      {
        "id": "2e1e01bf-17b9-3ae0-b38c-3c045644854b",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.7"
      },
      {
        "id": "4125e284-3b22-363d-9e89-9f66e0220c10",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.5"
      },
      {
        "id": "42f15c72-a4e0-3707-85b0-9bec6b35071a",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.2"
      },
      {
        "id": "6ef02a9b-11a7-3ff3-a2ab-73713098074a",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.5"
      },
      {
        "id": "835861d7-7891-3699-9c01-3ee29ab24729",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.8"
      },
      {
        "id": "8a4091a3-35bf-3876-9ab3-f8f2f65d16a2",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.3"
      },
      {
        "id": "8c20ff39-8e4f-32bb-966d-0bc84b38d530",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.1"
      },
      {
        "id": "8f4452f8-889e-3da9-ad2f-d4ee2521c5a2",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.2"
      },
      {
        "id": "92af43f4-b9be-3bc8-b230-96585c4f89ed",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5"
      },
      {
        "id": "b1596a72-3a46-318d-8129-834dadc3d7bf",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4"
      },
      {
        "id": "b1caf8f5-ee9a-3e2d-a382-438b57e34d68",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.6"
      },
      {
        "id": "cbab4cab-b549-3d05-91a8-641f72b57589",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.4.0.4"
      },
      {
        "id": "ec283f1a-ae94-38d1-ac98-4790e7a49598",
        "product": {
          "name": "Cloud Orchestrator"
        },
        "product_version": "2.5.0.4"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/1077129
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/162261
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

4.8Medium risk

Vulners AI Score4.8

CVSS 34.3

CVSS 24

CVSS 3.14.3

EPSS0.00247