2 matches found
CVE-2019-4398
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise are affected by CVE-2019-4398 across versions 2.4.x (up to 2.4.0.5) and 2.5.x (up to 2.5.0.9). It is a local information-disclosure vulnerability in SessionManagement cookies that could let a local attacker obtain sensitive information....
CVE-2019-4397
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise are affected by CVE-2019-4397. Version ranges include 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5. The root cause is storing sensitive information in URL parameters, which can disclose data if URLs are exposed via server logs, the refer...