Описание
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Ссылки
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_orchestrator:2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cloud_orchestrator:2.5.01:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_orchestrator:2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:smartcloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00092
Низкий
2.8 Low
CVSS3
1.7 Low
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 2.8
github
больше 3 лет назад
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
EPSS
Процентиль: 26%
0.00092
Низкий
2.8 Low
CVSS3
1.7 Low
CVSS2
Дефекты
CWE-284