Vulnerability Details CVE-2015-7494
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.1%
CVSS Severity
CVSS v3 Score 2.8
CVSS v2 Score 1.7
References
Products affected by CVE-2015-7494
-
cpe:2.3:a:ibm:cloud_orchestrator:2.4
-
cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1
-
cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2
-
cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3
-
cpe:2.3:a:ibm:cloud_orchestrator:2.5
-
cpe:2.3:a:ibm:cloud_orchestrator:2.5.01
-
cpe:2.3:a:ibm:smartcloud_orchestrator:2.3
-
cpe:2.3:a:ibm:smartcloud_orchestrator:2.3.0.1