IBM Cloud Orchestrator has addressed the following vulnerabilities.
CVEID: CVE-2013-0340**
DESCRIPTION:** expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132738 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID: CVE-2013-0341**
DESCRIPTION:** expat is vulnerable to a denial of service, caused by the improper handling of external entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132741 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Affected IBM Cloud Orchestrator
|
Affected Versions
—|—
IBM Cloud Orchestrator| 2.5
IBM Cloud Orchestrator| 2.4
br>
br>
Fix delivery details for IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition:
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | V2.5, V2.5.0.1 IFix1, V2.5.0.2, V2.5.0.3, V2.5.0.4, V2.5.0.5 | For 2.5 versions, upgrade to Fix Pack 6 (2.5.0.6) of IBM Cloud Orchestrator. |
<http://www-01.ibm.com/support/docview.wss?uid=swg2C4000066> | ||
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise | V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4 | For 2.4 versions, IBM recommends upgrading to Fix Pack 5 (2.4.0.5) of IBM Cloud Orchestrator. |
<http://www-01.ibm.com/support/docview.wss?uid=swg2C4000063> | ||
br> | ||
br> |
None