Lucene search
IbmCVELIST:CVE-2015-7494HistoryFeb 08, 2017 - 10:00 p.m.
CVE-2015-7494
2017-02-0822:00:00
ibm
www.cve.org
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
CNA Affected
[
{
"product": "Cloud Orchestrator",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.2.0.1"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.3.0.1"
},
{
"status": "affected",
"version": "2.4.0.1"
},
{
"status": "affected",
"version": "2.4.0.2"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.5.0.1"
},
{
"status": "affected",
"version": "2.4.0.3"
},
{
"status": "affected",
"version": "2.5.0.2"
}
]
}
]Related
nvd
nvd
CVE-2015-7494
2017-02-08 22:59:00
cve
cve
CVE-2015-7494
2017-02-08 22:59:00
prion
prion
Cross site scripting
2017-02-08 22:59:00
ibm
ibm