Ibm Cloud Orchestrator — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Cloud Orchestrator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2019-4399 — CVSS 7.5 (high): IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an…
CVE-2016-0204 — CVSS 6.8 (medium): Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to…
CVE-2019-4397 — CVSS 6.5 (medium): IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitive information in…
CVE-2016-0203 — CVSS 5.5 (medium): A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view…
CVE-2019-4396 — CVSS 5.4 (medium): IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper…
CVE-2019-4459 — CVSS 5.4 (medium): IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable to cross-site…
CVE-2019-4461 — CVSS 5.4 (medium): IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of…
CVE-2019-4400 — CVSS 4.3 (medium): IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An…
CVE-2019-4395 — CVSS 3.3 (low): IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive information from temporary…
CVE-2016-0202 — CVSS 3.3 (low): A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud…
CVE-2016-0205 — CVSS 3.3 (low): A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after…
CVE-2016-0206 — CVSS 3.3 (low): IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a…
CVE-2019-4398 — CVSS 3.3 (low): IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain…
CVE-2015-7494 — CVSS 2.8 (low): A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify…
CVE-2019-4394 — CVSS 2.3 (low): IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM…