Lucene search

[email protected]CVE-2016-0202

HistoryFeb 08, 2017 - 10:59 p.m.

CVE-2016-0202

2017-02-0822:59:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm cloud orchestrator

vulnerability

authenticated users

tasks viewing

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.

Affected configurations

Vulners

NVD

Node

ibm_corporationcloud_orchestratorMatch2.2

ibm_corporationcloud_orchestratorMatch2.2.0.1

ibm_corporationcloud_orchestratorMatch2.3

ibm_corporationcloud_orchestratorMatch2.4

ibm_corporationcloud_orchestratorMatch2.3.0.1

ibm_corporationcloud_orchestratorMatch2.4.0.1

ibm_corporationcloud_orchestratorMatch2.4.0.2

ibm_corporationcloud_orchestratorMatch2.5

ibm_corporationcloud_orchestratorMatch2.5.0.1

ibm_corporationcloud_orchestratorMatch2.4.0.3

ibm_corporationcloud_orchestratorMatch2.5.0.2

CPENameOperatorVersion
ibm:cloud_orchestratoribm cloud orchestratoreq2.3
ibm:cloud_orchestratoribm cloud orchestratoreq2.3.0.1
ibm:cloud_orchestratoribm cloud orchestratoreq2.4
ibm:cloud_orchestratoribm cloud orchestratoreq2.4.0.1
ibm:cloud_orchestratoribm cloud orchestratoreq2.4.0.2
ibm:cloud_orchestratoribm cloud orchestratoreq2.4.0.3

CPE	Name	Operator	Version
ibm:cloud_orchestrator	ibm cloud orchestrator	eq	2.3
ibm:cloud_orchestrator	ibm cloud orchestrator	eq	2.3.0.1
ibm:cloud_orchestrator	ibm cloud orchestrator	eq	2.4
ibm:cloud_orchestrator	ibm cloud orchestrator	eq	2.4.0.1
ibm:cloud_orchestrator	ibm cloud orchestrator	eq	2.4.0.2
ibm:cloud_orchestrator	ibm cloud orchestrator	eq	2.4.0.3

CNA Affected

[
  {
    "product": "Cloud Orchestrator",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "2.2"
      },
      {
        "status": "affected",
        "version": "2.2.0.1"
      },
      {
        "status": "affected",
        "version": "2.3"
      },
      {
        "status": "affected",
        "version": "2.4"
      },
      {
        "status": "affected",
        "version": "2.3.0.1"
      },
      {
        "status": "affected",
        "version": "2.4.0.1"
      },
      {
        "status": "affected",
        "version": "2.4.0.2"
      },
      {
        "status": "affected",
        "version": "2.5"
      },
      {
        "status": "affected",
        "version": "2.5.0.1"
      },
      {
        "status": "affected",
        "version": "2.4.0.3"
      },
      {
        "status": "affected",
        "version": "2.5.0.2"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg2C1000134

www.securityfocus.com/bid/94578

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2016-0202

ibm1 cvelist1 nvd1 prion1