15 matches found
CVE-2019-4461
CVE-2019-4461 affects IBM Cloud Orchestrator and Enterprise editions. The issue is HTTP Response Splitting due to improper caching of content, enabling cache poisoning and potentially enabling cross-site scripting and disclosure of sensitive information. Affected versions include IBM Cloud Orches...
CVE-2019-4396
CVE-2019-4396 affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. The vulnerability is an HTTP response splitting issue caused by improper validation of user-supplied input, allowing an attacker to inject arbitrary HTTP headers and trigger a split response (potential web cache p...
CVE-2019-4394
CVE-2019-4394 affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (versions 2.4, 2.4.0.x, and 2.5, 2.5.0.x). The issue arises from APIs that local users can abuse to send email, enabling potential abuse within the affected system. The IBM security bulletin confirms mitigation via...
CVE-2019-4395
CVE-2019-4395 affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. The vulnerability enables a local attacker to obtain sensitive information from temporary script files. Affected versions include IBM Cloud Orchestrator/Enterprise 2.4, 2.4.0.1–2.4.0.5, and 2.5, 2.5.0.1–2.5.0.9. I...
CVE-2019-4400
CVE-2019-4400 is a path traversal in IBM Cloud Orchestrator affecting IBM Cloud Orchestrator and Enterprise Editions: versions 2.4 (including 2.4.0.1–2.4.0.5) and 2.5 (including 2.5.0.1–2.5.0.9). A remote attacker could use /../ sequences in a crafted URL to view arbitrary files. Remediation prov...
CVE-2019-4399
CVE-2019-4399 affects IBM Cloud Orchestrator product families (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise) versions 2.4 to 2.4.5 and 2.5 to 2.5.9. The root cause is the use of weaker cryptographic algorithms that could allow an attacker to decrypt highly sensitive information, r...
CVE-2019-4459
CVE-2019-4459 affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (versions 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5). The issue is a cross-site scripting vulnerability that allows embedded JavaScript in the Web UI, potentially leading to credentials disclosure within a truste...
CVE-2019-4398
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise are affected by CVE-2019-4398 across versions 2.4.x (up to 2.4.0.5) and 2.5.x (up to 2.5.0.9). It is a local information-disclosure vulnerability in SessionManagement cookies that could let a local attacker obtain sensitive information....
CVE-2019-4397
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise are affected by CVE-2019-4397. Version ranges include 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5. The root cause is storing sensitive information in URL parameters, which can disclose data if URLs are exposed via server logs, the refer...
CVE-2016-0203
The CVE-2016-0203 issue affects IBM Cloud Orchestrator task API. An authenticated user could view background information related to actions on virtual machines within projects the user belongs to. The IBM advisory lists affected releases (Cloud Orchestrator V2.5 and V2.4 families, plus SmartCloud...
CVE-2016-0202
CVE-2016-0202 affects IBM Cloud Orchestrator; authenticated users could view tasks in their own domain via the View All User Domain Tasks backend object. Impact is information disclosure with CVSSv3 base score 3.3 (LOW) and CVSSv2 base score 2.1 (LOW). Affected versions include IBM Cloud Orchestr...
CVE-2016-0206
CVE-2016-0206 affects IBM Cloud Orchestrator; a local authenticated attacker could slow the server by using a specially crafted malformed URL to the teamwork executeServiceByName API. Affected versions include V2.3, V2.3.0.1, V2.4, V2.4.0.1, V2.4.0.2. IBM lists a fix in Fix Pack 3 (2.4.0.3) or la...
CVE-2015-7494
The CVE-2015-7494 entry relates to IBM Cloud Orchestrator: an authenticated domain admin could modify cross-domain resources via the services/[action]/launch API if able to obtain a resource identifier from another domain. The IBM bulletin details affected products (IBM Cloud Orchestrator and IBM...
CVE-2016-0204
The CVE-2016-0204 entry describes an Open Redirect vulnerability in IBM Cloud Orchestrator 2.4.x, fixed in 2.4.0 FP3. The flaw allows remote authenticated users to redirect others to arbitrary external sites via unspecified vectors, enabling phishing scenarios. Documented impact is partial confid...
CVE-2016-0205
CVE-2016-0205 affects IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1. The vulnerability permits an attacker after authentication to enumerate valid users, indicating an information-disclosure risk. Public sources (NVD/CNVD) describe the impact as user enumeration. No explicit remediation o...