Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Cloud Orchestrator 跨站脚本漏洞
Vulnerability Description
IBM Cloud Orchestrator是美国IBM公司的一套为云管理解决方案。该方案提供扩展内部和外部部署云服务以及应用程序接口和工具扩展与现有环境集成等功能。 IBM Cloud Orchestrator中存在跨站脚本漏洞。攻击者可利用该漏洞注入任意的HTTP头并造成响应拆分。以下产品及版本受到影响:IBM Cloud Orchestrator 2.5版本,2.5.0.1版本,2.5.0.2版本,2.5.0.3版本,2.5.0.4版本,2.5.0.5版本,2.5.0.6版本,2.5.0.7版本,2
CVSS Information
N/A
Vulnerability Type
N/A