IBM998AD350FEC06846F5A24A3EDBE6CC42F5E6ABCAC47A21233E4797405E23B6DCSecurity Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by ASoC vulnerability (CVE-2019-4459)
0.001 Low
EPSS
Percentile
19.6%
Summary
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the ASoC vulnerability.
Vulnerability Details
CVEID:CVE-2019-4459
DESCRIPTION: IBM Cloud Orchestrator is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/163656> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected Products and Versions
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9, 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5
Remediation/Fixes
The recommended solution is to apply the fixes as soon as practical.
| Principal Product and Version(s) | VRMF | Remediation/First Fix |
|---|---|---|
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9 |
For 2.5 versions, IBM recommends upgrading to Fix Pack 10 (2.5.0.10) of IBM Cloud Orchestrator:
<https://www.ibm.com/support/pages/ibm-cloud-orchestrator-fix-pack-10-25010-25>
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 |
Contact IBM Cloud Orchestrator support.
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
19.6%