IBM HTTP Server is shipped as a component of IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin.
Please consult the security bulletin Multiple vulnerabilities in IBM HTTP Server (CVE-2018-20843, CVE-2019-10092, CVE-2019-10098) for vulnerability details and information about fixes.
Affected Product Name | Affected Versions |
---|---|
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition | V2.5, V2.5.0.1, V2.5.02. V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6, V2.5.0.7, V2.5.0.8, V2.5.0.9, V2.5.0.10, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5 |
The recommended solution is to apply the fixes as soon as practical.
Principal Product and Version(s) | VRMF | Remediation/First Fix |
---|---|---|
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9, 2.5.0.10 |
Upgrade to minimal fix pack level as required by interim fix. For more information, see Multiple vulnerabilities in IBM HTTP Server (CVE-2018-20843, CVE-2019-10092, CVE-2019-10098).
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 |
Contact IBM Cloud Orchestrator support.
None