A potential denial of service vulnerability has been identified in IBM Cloud Orchestrator teamwork executeServiceByName API if an invalid URL is provided by local authenticated user. IBM Cloud Orchestrator, formerly known as IBM SmartCloud Orchestrator has addressed the issue.
CVE(s): CVE-2016-0206
Affected product(s) and affected version(s):
IBM Cloud Orchestrator V2.3, V2.3.0.1 V2.4, V2.4.0.1, V2.4.0.2
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2g0sZEQ
X-Force Database: http://ift.tt/2gYmcIS
from IBM Product Security Incident Response Team http://ift.tt/2g0rfv4
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.