IBM Cloud Automation Manager will redirect when a bad API path is requested rather than issuing a 404. User may expect an error
but be redirected to a home page instead.
CVEID: CVE-2019-4132 DESCRIPTION: IBM Cloud Automation Manager could allow a user to be impropertly redirected and obtain sensitive information rather than receive a 404 error message.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158274> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Cloud Automation Manager 3.1.2
IBM Cloud Automation Manager users should upgrade to the following release:
IBM Cloud Automation Manager 3.1.2.1
https://www.ibm.com/support/knowledgecenter/en/SS2L37_3.1.2.1/cam_upgrade_cam.html
None.