Skip to main content

Cloud Orchestrator CVE-2016-0202

LOW
Information Exposure (CWE-200)
2017-02-08 psirt@us.ibm.com
3.3
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Feb 08, 2017 - 22:59 cve.org
LOW 3.3

DescriptionCVE.org

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.

AnalysisAI

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain. Affected products include: Ibm Cloud Orchestrator.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2019-4399 HIGH
7.5 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms th

CVE-2016-0204 MEDIUM
6.8 Oct 16

Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redire

CVE-2019-4397 MEDIUM
6.5 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 stores sensitiv

CVE-2016-0203 MEDIUM
5.5 Feb 08

A vulnerability has been identified in the IBM Cloud Orchestrator task API. Rated medium severity (CVSS 5.5), this vulne

CVE-2019-4461 MEDIUM
5.4 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP Response Splitting caused by im

CVE-2019-4396 MEDIUM
5.4 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, cau

CVE-2019-4459 MEDIUM
5.4 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 is vulnerable t

CVE-2019-4400 MEDIUM
4.3 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories

CVE-2016-0206 LOW
3.3 Feb 08

IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of

CVE-2019-4395 LOW
3.3 Oct 25

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a local user to obtain sensitive informat

CVE-2019-4398 LOW
3.3 Oct 24

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a l

CVE-2015-7494 LOW
2.8 Feb 08

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. Rated low severity (CVSS 2.8

Share

CVE-2016-0202 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy