PT-2019-17057 · Ibm · Ibm Cloud Orchestrator

Publicado

2019-10-25

Atualizado

2021-07-21

CVE-2019-4394

CVSS v3.1

2.3

Baixa

Vetor

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 IBM Cloud Orchestrator versions 2.5 through 2.5.0.9

Description The issue allows a local user to potentially send email through APIs.

Recommendations For versions 2.4 through 2.4.0.5, restrict access to the email-sending APIs to prevent unauthorized use. For versions 2.5 through 2.5.0.9, consider disabling the email-sending functionality until a fix is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-4394

Produtos afetados

Ibm Cloud Orchestrator

PT-2019-17057 · Ibm · Ibm Cloud Orchestrator

CVE-2019-4394

Identificadores relacionados

Produtos afetados

Referências · 4