PT-2019-17094 · Ibm · Ibm Cloud Orchestrator
Published
2019-10-25
·
Updated
2020-08-24
·
CVE-2019-4461
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cloud Orchestrator versions 2.4 through 2.4.0.5
IBM Cloud Orchestrator versions 2.5 through 2.5.0.9
Description
The issue is caused by improper caching of content, leading to HTTP Response Splitting. This could allow an attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting, and possibly obtain sensitive information.
Recommendations
For IBM Cloud Orchestrator versions 2.4 through 2.4.0.5, update to a version that properly handles content caching to prevent HTTP Response Splitting.
For IBM Cloud Orchestrator versions 2.5 through 2.5.0.9, update to a version that properly handles content caching to prevent HTTP Response Splitting.
As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of Web Cache poisoning and cross-site scripting.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cloud Orchestrator