CVE-2016-0203

MEDIUM

IBM Cloud Orchestrator - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.

References (2)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg2C1000140

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94440

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 19.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (19)

ibm/cloud_orchestrator

ibm/smartcloud_orchestrator

IBM Corporation/Cloud Orchestrator < 2.2

IBM Corporation/Cloud Orchestrator < 2.2.0.1

IBM Corporation/Cloud Orchestrator < 2.3

IBM Corporation/Cloud Orchestrator < 2.4

IBM Corporation/Cloud Orchestrator < 2.3.0.1

IBM Corporation/Cloud Orchestrator < 2.4.0.1

IBM Corporation/Cloud Orchestrator < 2.4.0.2

... and 4 more

Timeline

Published Feb 08, 2017

Tracked Since Feb 18, 2026