HTTP Response Splitting Vulnerability in IBM Cloud Orchestrator 2.4 and 2.5

HTTP Response Splitting Vulnerability in IBM Cloud Orchestrator 2.4 and 2.5

CVE-2019-4461 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.

Learn more about our Web App Pen Testing.