CVE-2019-4400

Name of the Vulnerable Software and Affected Versions IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 IBM Cloud Orchestrator versions 2.5 through 2.5.0.9

Description The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

Recommendations For IBM Cloud Orchestrator versions 2.4 through 2.4.0.5, update to a version outside of this range to resolve the issue. For IBM Cloud Orchestrator versions 2.5 through 2.5.0.9, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.