CVE-2019-4396

Name of the Vulnerable Software and Affected Versions IBM Cloud Orchestrator versions 2.4 through 2.4.0.5 IBM Cloud Orchestrator versions 2.5 through 2.5.0.9

Description The issue is caused by improper validation of user-supplied input, making it vulnerable to HTTP response splitting attacks. A remote attacker could exploit this to inject arbitrary HTTP headers and cause the server to return a split response when a crafted URL is clicked. This could allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.

Recommendations For IBM Cloud Orchestrator versions 2.4 through 2.4.0.5, update to a version outside of this range to resolve the issue. For IBM Cloud Orchestrator versions 2.5 through 2.5.0.9, update to a version outside of this range to resolve the issue.