PT-2019-17057 · IBM · IBM Cloud Orchestrator

Published 2019-10-25 · Updated 2021-07-21 · CVE-2019-4394

CVSS v3.1: 2.3 (Low)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

IBM Cloud Orchestrator versions 2.4 through 2.4.0.5
IBM Cloud Orchestrator versions 2.5 through 2.5.0.9

Description

The issue allows a local user to potentially send email through APIs.

Recommendations

For versions 2.4 through 2.4.0.5, restrict access to the email-sending APIs to prevent unauthorized use.
For versions 2.5 through 2.5.0.9, consider disabling the email-sending functionality until a fix is available.

Fix


Related Identifiers

CVE-2019-4394

Affected Products

IBM Cloud Orchestrator