A Security Vulnerability affects IBM Cloud Private - Go
CVEID: CVE-2019-14809 DESCRIPTION: Go could allow a remote attacker to bypass security restrictions, caused by improper handling of hosts in URLs. By using a specially-crafted host, an attacker could exploit this vulnerability to bypass access restrictions in some applications
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/165326> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
For IBM Cloud Private 3.2.0, apply October fix pack:
For IBM Cloud Private 3.2.1, apply October fix pack:
For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud private | eq | any |