CVE-2016-0202

low

Published 2017-02-08 · Modified 2026-05-13

CVSS v3

3.3

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2

2.1

VIR risk

3.3

Description

A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.

Predictions

Exploit likelihood

34%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg2C1000134

Application impact

Vendor	Product	Versions
ibm	cloud_orchestrator	`2.3`
ibm	cloud_orchestrator	`2.3.0.1`
ibm	cloud_orchestrator	`2.4`
ibm	cloud_orchestrator	`2.4.0.1`
ibm	cloud_orchestrator	`2.4.0.2`
ibm	cloud_orchestrator	`2.4.0.3`

References

http://www.ibm.com/support/docview.wss?uid=swg2C1000134
http://www.securityfocus.com/bid/94578
http://www.ibm.com/support/docview.wss?uid=swg2C1000134
http://www.securityfocus.com/bid/94578

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.