Vulnerabilities > IBM > Cloud Orchestrator

DATE CVE VULNERABILITY TITLE RISK
2019-10-25 CVE-2019-4461 Injection vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content.
network
low complexity
ibm CWE-74
5.4
2019-10-25 CVE-2019-4400 Path Traversal vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
4.3
2019-10-25 CVE-2019-4399 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
network
low complexity
ibm CWE-327
7.5
2019-10-25 CVE-2019-4396 Injection vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input.
network
low complexity
ibm CWE-74
5.4
2019-10-25 CVE-2019-4395 Unspecified vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary script files.
local
low complexity
ibm
3.3
2019-10-25 CVE-2019-4394 Unspecified vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email.
local
low complexity
ibm
2.3
2019-10-24 CVE-2019-4459 Cross-site Scripting vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2019-10-24 CVE-2019-4398 Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies.
local
low complexity
ibm CWE-552
3.3
2019-10-24 CVE-2019-4397 Information Exposure vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters.
network
low complexity
ibm CWE-200
6.5
2018-08-30 CVE-2016-0205 Information Exposure vulnerability in IBM Cloud Orchestrator
A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system.
local
low complexity
ibm CWE-200
3.3