Skip to main content

Cloud Orchestrator CVE-2019-4398

LOW
Files or Directories Accessible to External Parties (CWE-552)
2019-10-24 psirt@us.ibm.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 24, 2019 - 12:15 nvd
LOW 3.3

DescriptionNVD

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259.

AnalysisAI

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-552. IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259. Affected products include: Ibm Cloud Orchestrator, Ibm Cloud Orchestrator Enterprise. Version information: through 2.5.0.9.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4399 HIGH
7.5 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms th

CVE-2016-0204 MEDIUM
6.8 Oct 16

Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redire

CVE-2019-4397 MEDIUM
6.5 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitiv

CVE-2016-0203 MEDIUM
5.5 Feb 08

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulne

CVE-2019-4461 MEDIUM
5.4 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by im

CVE-2019-4396 MEDIUM
5.4 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, cau

CVE-2019-4459 MEDIUM
5.4 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable t

CVE-2019-4400 MEDIUM
4.3 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories

CVE-2016-0202 LOW
3.3 Feb 08

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the applicat

CVE-2016-0206 LOW
3.3 Feb 08

IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of

CVE-2019-4395 LOW
3.3 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive informat

CVE-2015-7494 LOW
2.8 Feb 08

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. Rated low severity (CVSS 2.8

Share

CVE-2019-4398 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy