{ "affects": { "vendor": { "vendor_data": [ { "vendor_name": "IBM", "product": { "product_data": [ { "product_name": "Cloud Orchestrator", "version": { "version_data": [ { "version_value": "2.4" }, { "version_value": "2.4.0.1" }, { "version_value": "2.4.0.2" }, { "version_value": "2.5" }, { "version_value": "2.5.0.1" }, { "version_value": "2.4.0.3" }, { "version_value": "2.5.0.2" }, { "version_value": "2.4.0.4" }, { "version_value": "2.5.0.3" }, { "version_value": "2.5.0.4" }, { "version_value": "2.4.0.5" }, { "version_value": "2.5.0.5" }, { "version_value": "2.5.0.6" }, { "version_value": "2.5.0.7" }, { "version_value": "2.5.0.8" }, { "version_value": "2.5.0.9" } ] } } ] } } ] } }, "CVE_data_meta": { "ID": "CVE-2019-4461", "STATE": "PUBLIC", "DATE_PUBLIC": "2019-10-23T00:00:00", "ASSIGNER": "psirt@us.ibm.com" }, "impact": { "cvssv3": { "TM": { "E": "U", "RL": "O", "RC": "C" }, "BM": { "AV": "N", "SCORE": "5.400", "AC": "L", "I": "L", "PR": "L", "S": "C", "C": "L", "A": "N", "UI": "R" } } }, "data_type": "CVE", "problemtype": { "problemtype_data": [ { "description": [ { "value": "Gain Access", "lang": "eng" } ] } ] }, "data_format": "MITRE", "references": { "reference_data": [ { "url": "https://www.ibm.com/support/pages/node/1072684", "refsource": "CONFIRM", "name": "https://www.ibm.com/support/pages/node/1072684", "title": "IBM Security Bulletin 1072684 (Cloud Orchestrator)" }, { "title": "X-Force Vulnerability Report", "name": "ibm-co-cve20194461-response-splitting (163682)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/163682" } ] }, "data_version": "4.0", "description": { "description_data": [ { "value": "IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by improper caching of content. This would allow the attacker to perform further attacks, such as Web Cache poisoning, cross-site scripting and possibly obtain sensitive information. IBM X-Force ID: 163682.", "lang": "eng" } ] } }