Medium Severity

IBM Security Bulletin: A security vulnerability affects IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition (CVE-2019-4398)

A session management cookie vulnerability has been identified and addressed in IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise.

CVE(s): CVE-2019-4398

Affected product(s) and affected version(s):

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/1077123
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/162259
