IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise have addressed the ASoC vulnerability.
CVEID: CVE-2012-5351
DESCRIPTION: Apache Axis2 could allow a remote attacker to bypass security restrictions. By sending a SAML assertion that lacks a Signature element, an attacker could bypass the authentication process and forge messages.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79487> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
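A defensive pre-check for the condition in the description, added here as an example (it is not IBM's or Apache's code): it rejects any assertion that has no Signature child, and goes one step further by also rejecting a signature whose Reference does not point at the assertion's own ID. The SAML 2.0 namespace, the function names and the sample messages are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"   # assumption: SAML 2.0 assertions
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML, "ds": DS}

def assertions_to_reject(xml_text):
    """Return the IDs of assertions that must be rejected outright.

    An assertion passes this gate only if a ds:Signature is its direct child
    and one of that signature's ds:Reference URIs points at the assertion's
    own ID. This is a structural check only: the signature value still has to
    be verified cryptographically against a trusted key afterwards.
    """
    root = ET.fromstring(xml_text)  # use a hardened XML parser for untrusted input
    rejected = []
    for assertion in root.iter("{%s}Assertion" % SAML):
        aid = assertion.get("ID", "")
        refs = [r.get("URI", "") for r in
                assertion.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
        if not aid or ("#" + aid) not in refs:
            rejected.append(aid or "<no ID>")
    return rejected

def sample(aid, signature=""):
    """Build a constructed test message holding one assertion."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="%s" xmlns:ds="%s"><saml:Assertion ID="%s">%s'
            '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
            '</saml:Assertion></samlp:Response>' % (SAML, DS, aid, signature))

def sig(ref):
    """Constructed ds:Signature skeleton; the value is a placeholder, not a real signature."""
    return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
            '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>' % ref)

SIGNED = sample("_a1", sig("#_a1"))       # signature present and bound to this assertion
UNSIGNED = sample("_a2")                  # the case in the description: no Signature element
MISBOUND = sample("_a3", sig("#_other"))  # signature present but covers a different ID

if __name__ == "__main__":
    for name, msg in (("signed", SIGNED), ("unsigned", UNSIGNED), ("misbound", MISBOUND)):
        print(name, "rejected:", assertions_to_reject(msg))
```

A check like this belongs in front of any code that reads the Subject or attributes from an assertion; it does not replace applying the fix pack.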
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9, 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5
The recommended solution is to apply the fixes as soon as practical.
Principal Product and Version(s) | VRMF | Remediation/First Fix |
---|---|---|
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8, 2.5.0.9 | For 2.5 versions, IBM recommends upgrading to Fix Pack 10 (2.5.0.10) of IBM Cloud Orchestrator: <https://www.ibm.com/support/pages/ibm-cloud-orchestrator-fix-pack-10-25010-25> |
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5 | Contact IBM Cloud Orchestrator support. |
None