Vulnerabilities > CVE-2019-4398 - Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-552

NVD

Published: 2019-10-24

Updated: 2021-07-21

Summary

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Cloud Orchestrator Enterprise * IBM Cloud Orchestrator 2.4 IBM Cloud Orchestrator 2.4.0.0 IBM Cloud Orchestrator 2.4.0.1 IBM Cloud Orchestrator 2.4.0.2 IBM Cloud Orchestrator 2.4.0.3 IBM Cloud Orchestrator 2.4.0.4 IBM Cloud Orchestrator 2.4.0.5 IBM Cloud Orchestrator 2.5 IBM Cloud Orchestrator 2.5.0.0 IBM Cloud Orchestrator 2.5.0.1 IBM Cloud Orchestrator 2.5.0.2 IBM Cloud Orchestrator 2.5.0.3 IBM Cloud Orchestrator 2.5.0.4 IBM Cloud Orchestrator 2.5.0.5 IBM Cloud Orchestrator 2.5.0.6 IBM Cloud Orchestrator 2.5.0.7 IBM Cloud Orchestrator 2.5.0.8 IBM Cloud Orchestrator 2.5.0.9	36

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References