High Severity

IBM Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerabilities

Share this post:

IBM HTTP Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin.

CVE(s): CVE-2019-0211, CVE-2019-0220

Affected product(s) and affected version(s):

Principal Product and Version(s) Affected Supporting Product and Version
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9 IBM HTTP Server 8.5.5 to 8.5.5.15
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 IBM HTTP Server 8.5.5 to 8.5.5.12

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/959951
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158929
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158948

More stories

Security Bulletin: Bypass Client-Side Validation vulnerability in Cloud Pak System (CVE-2019-4240)

Nov 20, 2019 12:10 pm EST | High Severity

There is a bypass client-side validation vulnerability in IBM Cloud Pak System formerly known as IBM PureApplication System. It applies to Cloud Pak System, Software, and Service. Cloud Pak System has addressed this vulnerability. Affected product(s) and affected version(s): IBM Cloud Pak System V2.3.0 Refer to the following reference URLs for remediation and additional vulnerability ...read more


Security Bulletin: Inadequate account lockout in Cloud Pak System (CVE-2019-4096)

Nov 20, 2019 11:46 am EST | High Severity

There is inadequate account lockout in IBM Cloud Pak System formerly known as IBM PureApplication System. It applies to Cloud Pak System, Software, and Service. Cloud Pak System has addressed this vulnerability. Affected product(s) and affected version(s): IBM Cloud Pak System V2.3.0 Refer to the following reference URLs for remediation and additional vulnerability details:   ...read more


Security Bulletin: A security vulnerability has been fixed in the IBM Security Identity Manager product (CVE-2019-4561)

Nov 19, 2019 7:00 pm EST | High Severity

CVEID:   CVE-2019-4561 DESCRIPTION:   CVSS Base score: 8CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166456 for the current score.CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) ...read more