Security Bulletin: Vulnerabilities in IBM Cloud Orchestrator (CVE-2016-0203, CVE-2015-7494)

Summary IBM Cloud Orchestrator has identified Cross Domain Services Action and Virtual Machine Authentication vulnerabilities. IBM Cloud Orchestrator, formerly known as SmartCloud Orchestrator, has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-0203 DESCRIPTION: A...

CVE-2016-0203

The CVE-2016-0203 issue affects IBM Cloud Orchestrator task API. An authenticated user could view background information related to actions on virtual machines within projects the user belongs to. The IBM advisory lists affected releases (Cloud Orchestrator V2.5 and V2.4 families, plus SmartCloud...