A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm cloud orchestrator 2.4 |
||
ibm smartcloud orchestrator 2.3.0.1 |
||
ibm smartcloud orchestrator 2.3 |
||
ibm cloud orchestrator 2.5.01 |
||
ibm cloud orchestrator 2.5 |
||
ibm cloud orchestrator 2.4.0.3 |
||
ibm cloud orchestrator 2.4.0.2 |
||
ibm cloud orchestrator 2.4.0.1 |