PT-2019-17060 · IBM · IBM Cloud Orchestrator +1

Published 2019-10-24 · Updated 2019-10-30 · CVE-2019-4397

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise versions 2.4 through 2.4.0.5
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise versions 2.5 through 2.5.0.9

Description

The issue concerns the storage of sensitive information in URL parameters, which may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the referrer header, or browser history.

Recommendations

For versions 2.4 through 2.4.0.5, consider restricting access to server logs and referrer headers to minimize the risk of exploitation. For versions 2.5 through 2.5.0.9, consider implementing measures to protect sensitive information in URL parameters, such as encrypting the data or using alternative methods for storing and transmitting sensitive information. As a temporary workaround, consider disabling the use of sensitive information in URL parameters until a more permanent solution is available.
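The following is an added example, not code from IBM or from this advisory, illustrating the weakness class described above and the two defensive angles the recommendations point at. It shows (a) the weak request shape (a secret in the query string) beside the hardened shape (the secret carried in an `Authorization` header, which access logs, `Referer` and browser history do not record), and (b) a scanner that runs over access-log lines and flags request URLs or referrers that carry sensitive parameter names, redacting them for safe reporting. The parameter names, log lines, paths and the `Bearer` token value are all constructed for this example; nothing here is taken from IBM Cloud Orchestrator.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names treated as sensitive. Constructed list for this example;
# a real deployment would tune it to the application's actual parameter names.
SENSITIVE_PARAMS = {"token", "password", "sessionid", "api_key", "access_token"}

# Constructed sample access-log lines in Apache/Nginx "combined" format.
# Line 1 leaks a token in the request URL and a session id in the Referer.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Oct/2019:10:00:01 +0000] "GET /app/api?token=abc123&view=list HTTP/1.1" 200 512 "https://portal.example/dashboard?sessionid=xyz" "Mozilla/5.0"
10.0.0.6 - - [24/Oct/2019:10:00:02 +0000] "GET /app/api?view=list HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [24/Oct/2019:10:00:03 +0000] "POST /app/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Extracts the request URL and the Referer field from a combined-format line.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" \d+ \S+ "(?P<referer>[^"]*)"'
)


def weak_request(path, params, token):
    """Weak shape: the secret rides in the query string, so it lands in
    server logs, in the Referer of any outbound link, and in browser history."""
    query = dict(params, token=token)
    return f"{path}?{urlencode(query)}"


def hardened_request(path, params, token):
    """Hardened shape: the secret travels in a request header, which is not
    part of the URL and therefore not logged, not sent as Referer, not kept
    in history. Returns (url, headers)."""
    url = f"{path}?{urlencode(params)}" if params else path
    return url, {"Authorization": f"Bearer {token}"}


def sensitive_params_in_url(url):
    """Return the sorted sensitive parameter names present in a URL's query."""
    query = urlsplit(url).query
    return sorted(
        {k for k, _ in parse_qsl(query, keep_blank_values=True)
         if k.lower() in SENSITIVE_PARAMS}
    )


def redact_url(url):
    """Replace the value of every sensitive query parameter with 'REDACTED'
    so a finding can be reported without repeating the secret."""
    parts = urlsplit(url)
    pairs = [
        (k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scan_log(text):
    """Return one finding per (line, field) whose request URL or Referer
    carries a sensitive query parameter."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        for field in ("url", "referer"):
            value = m.group(field)
            hits = sensitive_params_in_url(value)
            if hits:
                findings.append({
                    "line": lineno,
                    "field": field,
                    "params": hits,
                    "redacted": redact_url(value),
                })
    return findings


if __name__ == "__main__":
    print("weak:    ", weak_request("/app/api", {"view": "list"}, "abc123"))
    print("hardened:", hardened_request("/app/api", {"view": "list"}, "abc123"))
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']} {f['field']}: {f['params']} -> {f['redacted']}")
```

The scanner is the detection side of the advisory's first recommendation: even where logs must be retained, a periodic run over them shows whether secrets are still reaching the URL, and the redacted form is what goes into a ticket. Moving the secret into a header (or the body of a POST) is the permanent fix the second recommendation describes; the query string is then free of anything that needs protecting.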

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2019-4397

Affected Products

IBM Cloud Orchestrator
IBM Cloud Orchestrator Enterprise