Skip to main content

Cloud Orchestrator CVE-2015-7494

LOW
Improper Access Control (CWE-284)
2017-02-08 psirt@us.ibm.com
2.8
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
2.8 LOW
AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 08, 2017 - 22:59 cve.org
LOW 2.8

DescriptionCVE.org

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.

AnalysisAI

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. Rated low severity (CVSS 2.8).

Technical ContextAI

This vulnerability is classified under CWE-284. A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain. Affected products include: Ibm Cloud Orchestrator, Ibm Smartcloud Orchestrator.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-4399 HIGH
7.5 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms th

CVE-2016-0204 MEDIUM
6.8 Oct 16

Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redire

CVE-2019-4397 MEDIUM
6.5 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitiv

CVE-2016-0203 MEDIUM
5.5 Feb 08

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulne

CVE-2019-4461 MEDIUM
5.4 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by im

CVE-2019-4396 MEDIUM
5.4 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, cau

CVE-2019-4459 MEDIUM
5.4 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable t

CVE-2019-4400 MEDIUM
4.3 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories

CVE-2016-0202 LOW
3.3 Feb 08

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the applicat

CVE-2016-0206 LOW
3.3 Feb 08

IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of

CVE-2019-4395 LOW
3.3 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive informat

CVE-2019-4398 LOW
3.3 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a l

Share

CVE-2015-7494 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy