Search criteria
8 vulnerabilities found for Cloud Orchestrator by IBM Corporation
CVE-2016-0206 (GCVE-0-2016-0206)
Vulnerability from nvd – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000141 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94656 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141"
},
{
"name": "94656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141"
},
{
"name": "94656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141"
},
{
"name": "94656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0206",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0203 (GCVE-0-2016-0203)
Vulnerability from nvd – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94440 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94440"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0203",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0202 (GCVE-0-2016-0202)
Vulnerability from nvd – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94578 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000134 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94578",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94578"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94578",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94578"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94578"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0202",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7494 (GCVE-0-2015-7494)
Vulnerability from nvd – Published: 2017-02-08 22:00 – Updated: 2024-08-06 07:51
VLAI
Summary
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Severity
No CVSS data available.
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94438 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7494",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7494 (GCVE-0-2015-7494)
Vulnerability from cvelistv5 – Published: 2017-02-08 22:00 – Updated: 2024-08-06 07:51
VLAI
Summary
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Severity
No CVSS data available.
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94438 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7494",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0203 (GCVE-0-2016-0203)
Vulnerability from cvelistv5 – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94440 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94440"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0203",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0206 (GCVE-0-2016-0206)
Vulnerability from cvelistv5 – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000141 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94656 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141"
},
{
"name": "94656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141"
},
{
"name": "94656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000141"
},
{
"name": "94656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0206",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0202 (GCVE-0-2016-0202)
Vulnerability from cvelistv5 – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94578 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000134 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94578",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94578"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94578",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94578"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94578"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0202",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}