Skip to main content

Cloud Orchestrator Enterprise

2 CVEs product

Monthly

CVE-2019-4398 LOW PATCH Monitor

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Path Traversal Information Disclosure Cloud Orchestrator Cloud Orchestrator Enterprise
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-4397 MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator Cloud Orchestrator Enterprise
NVD
CVSS 3.1
6.5
EPSS
1.0%
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Path Traversal Information Disclosure +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Cloud Orchestrator +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy