CVE-2019-4461

Name of the Vulnerable Software and Affected Versions IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 IBM Cloud Orchestrator versions 2.5 through 2.5.0.9

Description The issue is caused by improper caching of content, leading to HTTP Response Splitting. This could allow an attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting, and possibly obtain sensitive information.

Recommendations For IBM Cloud Orchestrator versions 2.4 through 2.4.0.5, update to a version that properly handles content caching to prevent HTTP Response Splitting. For IBM Cloud Orchestrator versions 2.5 through 2.5.0.9, update to a version that properly handles content caching to prevent HTTP Response Splitting. As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of Web Cache poisoning and cross-site scripting.