High Severity

IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerabilities

IBM HTTP Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin.

CVE(s): CVE-2019-0211, CVE-2019-0220

Affected product(s) and affected version(s):

| Principal Product and Version(s) | Affected Supporting Product and Version |
| --- | --- |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9 | IBM HTTP Server 8.5.5 to 8.5.5.15 |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 | IBM HTTP Server 8.5.5 to 8.5.5.12 |

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/959951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158929
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158948
