Multiple IBM Products CVE-2019-4395 Local Information Disclosure Vulnerability

2019-10-23T00:00:00
ID SMNTC-110641
Type symantec
Reporter Symantec Security Response
Modified 2019-10-23T00:00:00

Description

Description

Multiple IBM products are prone to a local information-disclosure vulnerability. Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks.

Technologies Affected

  • IBM Cloud Orchestrator 2.4
  • IBM Cloud Orchestrator 2.4.0.1
  • IBM Cloud Orchestrator 2.4.0.2
  • IBM Cloud Orchestrator 2.4.0.3
  • IBM Cloud Orchestrator 2.4.0.4
  • IBM Cloud Orchestrator 2.4.0.5
  • IBM Cloud Orchestrator 2.5
  • IBM Cloud Orchestrator 2.5.0.1
  • IBM Cloud Orchestrator 2.5.0.2
  • IBM Cloud Orchestrator 2.5.0.3
  • IBM Cloud Orchestrator 2.5.0.4
  • IBM Cloud Orchestrator 2.5.0.5
  • IBM Cloud Orchestrator 2.5.0.6
  • IBM Cloud Orchestrator 2.5.0.7
  • IBM Cloud Orchestrator 2.5.0.8
  • IBM Cloud Orchestrator 2.5.0.9
  • IBM Cloud Orchestrator Enterprise 2.4
  • IBM Cloud Orchestrator Enterprise 2.4.0.1
  • IBM Cloud Orchestrator Enterprise 2.4.0.2
  • IBM Cloud Orchestrator Enterprise 2.4.0.3
  • IBM Cloud Orchestrator Enterprise 2.4.0.4
  • IBM Cloud Orchestrator Enterprise 2.4.0.5
  • IBM Cloud Orchestrator Enterprise 2.5
  • IBM Cloud Orchestrator Enterprise 2.5.0.1
  • IBM Cloud Orchestrator Enterprise 2.5.0.2
  • IBM Cloud Orchestrator Enterprise 2.5.0.3
  • IBM Cloud Orchestrator Enterprise 2.5.0.4
  • IBM Cloud Orchestrator Enterprise 2.5.0.5
  • IBM Cloud Orchestrator Enterprise 2.5.0.6
  • IBM Cloud Orchestrator Enterprise 2.5.0.7
  • IBM Cloud Orchestrator Enterprise 2.5.0.8
  • IBM Cloud Orchestrator Enterprise 2.5.0.9

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Given the local nature of this issue, grant only trusted and accountable individuals access to affected computers.

Updates are available. Please see the references or vendor advisory for more information.