Skip to main content

Cloud Orchestrator

14 CVEs product

Monthly

CVE-2019-4461 MEDIUM This Month

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4400 MEDIUM This Month

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Cloud Orchestrator
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-4399 HIGH This Week

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Orchestrator
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2019-4396 MEDIUM This Month

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-4395 LOW Monitor

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Orchestrator
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-4394 LOW Monitor

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Orchestrator
NVD
CVSS 3.1
2.3
EPSS
0.3%
CVE-2019-4459 MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-4398 LOW PATCH Monitor

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Path Traversal Information Disclosure Cloud Orchestrator Cloud Orchestrator Enterprise
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-4397 MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator Cloud Orchestrator Enterprise
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-0206 LOW PATCH Monitor

IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Orchestrator
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-0203 MEDIUM PATCH This Month

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator Smartcloud Orchestrator
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-0202 LOW PATCH Monitor

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator
NVD
CVSS 3.0
3.3
EPSS
0.1%
CVE-2015-7494 LOW PATCH Monitor

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. Rated low severity (CVSS 2.8).

IBM Authentication Bypass Cloud Orchestrator Smartcloud Orchestrator
NVD
CVSS 3.0
2.8
EPSS
0.0%
CVE-2016-0204 MEDIUM PATCH This Month

Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Open Redirect Cloud Orchestrator
NVD
CVSS 3.0
6.8
EPSS
0.2%
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Orchestrator
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Path Traversal Cloud Orchestrator
NVD
EPSS 1% CVSS 7.5
HIGH This Week

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Orchestrator
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cloud Orchestrator
NVD
EPSS 0% CVSS 3.3
LOW Monitor

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Orchestrator
NVD
EPSS 0% CVSS 2.3
LOW Monitor

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Orchestrator
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cloud Orchestrator
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Path Traversal Information Disclosure +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Orchestrator
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator
NVD
EPSS 0% CVSS 2.8
LOW PATCH Monitor

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. Rated low severity (CVSS 2.8).

IBM Authentication Bypass Cloud Orchestrator +1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Open Redirect Cloud Orchestrator
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy