Denial of Service Vulnerability in IBM Cloud Orchestrator
CVE-2016-0206

3.3LOW

Key Information:

Vendor: IBM Corporation
Status: Cloud Orchestrator
Vendor: CVE Published:; 8 February 2017

Summary

IBM Cloud Orchestrator contains a vulnerability that allows a local authenticated attacker to exploit the system through the use of specially crafted malformed URLs. This could lead to a temporary degradation in server performance, causing service slowdowns for users. Administrators should ensure that their systems are updated and monitored to mitigate potential exploitation of this flaw.

Affected Version(s)

Cloud Orchestrator 2.2

Cloud Orchestrator 2.2.0.1

Cloud Orchestrator 2.3

References

http://www.ibm.com/support/docview.wss?uid=swg2C1000141

x_refsource_CONFIRM

http://www.securityfocus.com/bid/94656

vdb-entryx_refsource_BID

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2017
Vulnerability Reserved
Dec 8, 2015