Ibm Cloud Orchestrator Enterprise vulnerabilities
2 known vulnerabilities affecting ibm/cloud_orchestrator_enterprise.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2019-4397MEDIUMCVSS 6.5≥ 2.4, ≤ 2.4.0.5≥ 2.5, ≤ 2.5.0.92019-10-24
CVE-2019-4397 [MEDIUM] CWE-200 CVE-2019-4397: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 162239
nvd
CVE-2019-4398LOWCVSS 3.3≥ 2.4, ≤ 2.4.0.5≥ 2.5, ≤ 2.5.0.92019-10-24
CVE-2019-4398 [LOW] CWE-552 CVE-2019-4398: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259.
nvd