CVE-2015-7494

Summary

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationCloud Orchestrator2.2affected
IBM CorporationCloud Orchestrator2.2.0.1affected
IBM CorporationCloud Orchestrator2.3affected
IBM CorporationCloud Orchestrator2.4affected
IBM CorporationCloud Orchestrator2.3.0.1affected
IBM CorporationCloud Orchestrator2.4.0.1affected
IBM CorporationCloud Orchestrator2.4.0.2affected
IBM CorporationCloud Orchestrator2.5affected
IBM CorporationCloud Orchestrator2.5.0.1affected
IBM CorporationCloud Orchestrator2.4.0.3affected
IBM CorporationCloud Orchestrator2.5.0.2affected

Weaknesses

  • Gain Access

ADP Enrichment

CVE Program Container

Additional References

References