Vulnerabilities > IBM > Cloud Orchestrator > 2.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-24 | CVE-2019-4398 | Files or Directories Accessible to External Parties vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. | 3.3 |
| 2019-10-24 | CVE-2019-4397 | Information Exposure vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. | 6.5 |
| 2017-02-08 | CVE-2016-0203 | Information Exposure vulnerability in IBM Cloud Orchestrator and Smartcloud Orchestrator A vulnerability has been identified in the IBM Cloud Orchestrator task API. | 5.5 |
| 2017-02-08 | CVE-2015-7494 | Improper Access Control vulnerability in IBM Cloud Orchestrator and Smartcloud Orchestrator A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. | 2.8 |