Vulnerability Description
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 store sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, the referrer header, or browser history. IBM X-Force ID: 162239
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Cloud Orchestrator | >= 2.4, <= 2.4.0.5 |
| IBM | Cloud Orchestrator Enterprise | >= 2.4, <= 2.4.0.5 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/162239 (VDB Entry, Vendor Advisory)
- https://www.ibm.com/support/pages/node/1077147 (Patch, Vendor Advisory)
FAQ
What is CVE-2019-4397?
CVE-2019-4397 is a vulnerability with a CVSS score of 6.5 (MEDIUM). IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 store sensitive information in URL parameters. This may lead to information disclosure if unau...
How severe is CVE-2019-4397?
CVE-2019-4397 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-4397?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise.