VYPR
Low severity2.8NVD Advisory· Published Feb 8, 2017· Updated Jun 17, 2026

CVE-2015-7494

CVE-2015-7494

Description

A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:cloud_orchestrator:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:cloud_orchestrator:2.5.01:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:smartcloud_orchestrator:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:smartcloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*
    • (no CPE)
  • IBM Corporation/Cloud Orchestratorv5
    Range: 2.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.