CVE-2016-0203Sensitive Information Exposure in Corporation Cloud Orchestrator

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 80.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Corporation Cloud OrchestratorIBM Cloud OrchestratorIBM Smartcloud Orchestrator
Timeline
PublishedFeb 8
Latest updateMay 17

Description

A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDibm/cloud_orchestrator6 versions+5
NVDibm/smartcloud_orchestrator2.3, 2.3.0.1+1
CVEListV5ibm_corporation/cloud_orchestrator11 versions+10

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-v7v4-rfm9-vpp2: A vulnerability has been identified in the IBM Cloud Orchestrator task API2022-05-17
CVEList
CVE-2016-0203: A vulnerability has been identified in the IBM Cloud Orchestrator task API2017-02-08
CVE-2016-0203 — Sensitive Information Exposure | cvebase