High Severity

IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerabilities

Share this post:

IBM HTTP Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin.

CVE(s): CVE-2019-0211, CVE-2019-0220

Affected product(s) and affected version(s):

Principal Product and Version(s) Affected Supporting Product and Version
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9 IBM HTTP Server 8.5.5 to 8.5.5.15
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 IBM HTTP Server 8.5.5 to 8.5.5.12

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/959951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158929
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158948

More stories

Security Bulletin: IBM MQ certified container is vulnerable to multiple vulnerabilities within IBM MQ.(CVE-2019-4655, CVE-2019-4560, CVE-2019-4614, CVE-2019-4620)

Feb 26, 2020 7:00 pm EST | High Severity

Multiple vulnerabilities were found within IBM MQ which is packaged with the IBM MQ certified container. ...read more


Security Bulletin: Vulnerability in OpenSLP affects Power Hardware Management Console (CVE-2019-5544)

Feb 26, 2020 7:00 pm EST | High Severity

The opensslp packages provide Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. And is vulnerable by CVE-2019-5544 ...read more


Security Bulletin: IBM MQ certified container is vulnerable to a denial of service vulnerability in golang (CVE-2019-17596)

Feb 26, 2020 7:00 pm EST | High Severity

A vulnerability was discovered in golang which is used to create the control programs used by IBM MQ certified container. ...read more