Vulnerabilities > IBM > Cloud Orchestrator > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-25 | CVE-2019-4461 | Injection vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. | 5.4 |
| 2019-10-25 | CVE-2019-4400 | Path Traversal vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. | 4.3 |
| 2019-10-25 | CVE-2019-4396 | Injection vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. | 5.4 |
| 2019-10-24 | CVE-2019-4459 | Cross-site Scripting vulnerability in IBM Cloud Orchestrator IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site scripting. | 5.4 |
| 2019-10-24 | CVE-2019-4397 | Information Exposure vulnerability in IBM Cloud Orchestrator and Cloud Orchestrator Enterprise IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in URL parameters. | 6.5 |
| 2017-02-08 | CVE-2016-0203 | Information Exposure vulnerability in IBM Cloud Orchestrator and Smartcloud Orchestrator A vulnerability has been identified in the IBM Cloud Orchestrator task API. | 5.5 |
| 2016-10-16 | CVE-2016-0204 | Open Redirect vulnerability in IBM Cloud Orchestrator 2.4.0.0/2.4.0.1/2.4.0.2 Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.8 |