CVE-2019-4397Sensitive Information Exposure in IBM Cloud Orchestrator

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 52.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Cloud OrchestratorIBM Cloud Orchestrator Enterprise
Timeline
PublishedOct 24
Latest updateMay 24

Description

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDibm/cloud_orchestrator_enterprise2.42.4.0.5+1
NVDibm/cloud_orchestrator2.42.4.0.5+1
CVEListV5ibm/cloud_orchestrator16 versions+15

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-fv6q-cpfx-7rj8: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 22022-05-24
CVEList
CVE-2019-4397: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 22019-10-24
CVE-2019-4397 — Sensitive Information Exposure in IBM | cvebase