Search criteria
4 vulnerabilities found for smartcloud_orchestrator by ibm
CVE-2016-0203 (GCVE-0-2016-0203)
Vulnerability from nvd – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94440 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94440"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0203",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7494 (GCVE-0-2015-7494)
Vulnerability from nvd – Published: 2017-02-08 22:00 – Updated: 2024-08-06 07:51
VLAI
Summary
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Severity
No CVSS data available.
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94438 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7494",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7494 (GCVE-0-2015-7494)
Vulnerability from cvelistv5 – Published: 2017-02-08 22:00 – Updated: 2024-08-06 07:51
VLAI
Summary
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Severity
No CVSS data available.
CWE
- Gain Access
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94438 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
},
{
"name": "94438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7494",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0203 (GCVE-0-2016-0203)
Vulnerability from cvelistv5 – Published: 2017-02-08 22:00 – Updated: 2024-08-05 22:08
VLAI
Summary
A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.
Severity
No CVSS data available.
CWE
- Obtain Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/94440 | vdb-entryx_refsource_BID |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000140 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM Corporation | Cloud Orchestrator |
Affected:
2.2
Affected: 2.2.0.1 Affected: 2.3 Affected: 2.4 Affected: 2.3.0.1 Affected: 2.4.0.1 Affected: 2.4.0.2 Affected: 2.5 Affected: 2.5.0.1 Affected: 2.4.0.3 Affected: 2.5.0.2 |
Date Public
2016-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:08:13.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
],
"datePublic": "2016-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-09T10:57:02.000Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "94440",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94440"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Orchestrator",
"version": {
"version_data": [
{
"version_value": "2.2"
},
{
"version_value": "2.2.0.1"
},
{
"version_value": "2.3"
},
{
"version_value": "2.4"
},
{
"version_value": "2.3.0.1"
},
{
"version_value": "2.4.0.1"
},
{
"version_value": "2.4.0.2"
},
{
"version_value": "2.5"
},
{
"version_value": "2.5.0.1"
},
{
"version_value": "2.4.0.3"
},
{
"version_value": "2.5.0.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "94440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94440"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000140"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0203",
"datePublished": "2017-02-08T22:00:00.000Z",
"dateReserved": "2015-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:08:13.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}