How severe is CVE-2019-4396?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2019-4396?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2019-4396 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 162236.

Related Vulnerabilities

CVE-2013-4318

MEDIUM

CVSS:5.4(Medium)

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

CWE-742013

CVE-2016-5013

MEDIUM

CVSS:5.4(Medium)

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

CWE-742016

CVE-2017-1115

MEDIUM

CVSS:5.4(Medium)

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-742017

CVE-2017-1202

MEDIUM

CVSS:5.4(Medium)

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's ...

CWE-742017

CVE-2018-1549

MEDIUM

CVSS:5.4(Medium)

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL t...

CWE-742018

CVE-2018-1896

MEDIUM

CVSS:5.4(Medium)

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

CWE-742018