Vulnerabilites related to ibm - urbancode_deploy
CVE-2020-4482 (GCVE-0-2020-4482)
Vulnerability from cvelistv5
Published
2020-11-06 13:40
Modified
2024-09-16 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Bypass Security
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6337603 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181856 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.3 Version: 7.0.3.0 Version: 7.0.4.0 Version: 6.2.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6337603"
},
{
"name": "ibm-ucd-cve20204482-sec-bypass (181856)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181856"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
},
{
"status": "affected",
"version": "6.2.7.4"
}
]
}
],
"datePublic": "2020-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:N/AC:H/PR:L/I:H/A:N/S:U/UI:N/AV:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T13:40:18",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6337603"
},
{
"name": "ibm-ucd-cve20204482-sec-bypass (181856)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181856"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-11-05T00:00:00",
"ID": "CVE-2020-4482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.3"
},
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "6.2.7.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6337603",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6337603 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6337603"
},
{
"name": "ibm-ucd-cve20204482-sec-bypass (181856)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181856"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4482",
"datePublished": "2020-11-06T13:40:18.669016Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T16:48:01.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0365 (GCVE-0-2016-0365)
Vulnerability from cvelistv5
Published
2016-07-01 01:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg2C1000149 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91526 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:24.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000149"
},
{
"name": "91526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91526"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000149"
},
{
"name": "91526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91526"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000149",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000149"
},
{
"name": "91526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91526"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0365",
"datePublished": "2016-07-01T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:24.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6068 (GCVE-0-2016-6068)
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-06 01:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000229 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95290 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:19.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229"
},
{
"name": "95290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"datePublic": "2016-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229"
},
{
"name": "95290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229"
},
{
"name": "95290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6068",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:19.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1149 (GCVE-0-2017-1149)
Vulnerability from cvelistv5
Published
2017-04-25 18:00
Modified
2024-08-05 13:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000289 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98026 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.1.0.2, 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.1, 6.1.0.1, 6.1.0.3, 6.0.1.7, 6.0.1.8, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.0.1.9, 6.1.1.6, 6.1.1.7, 6.1.2, 6.0.1.10, 6.0.1.11, 6.1.1.8, 6.1.3, 6.1.3.1, 6.2, 6.2.0.1, 6.0.1.12, 6.1.3.2, 6.2.0.2, 6.2.1, 6.0.1.13, 6.2.1.1, 6.0.1.14, 6.1.3.3, 6.2.1.2, 6.2.2, 6.2.2.1, 6.2.3.0, 6.2.3.1, 6.1.3.4, 6.1.3.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000289"
},
{
"name": "98026",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0.2, 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.1, 6.1.0.1, 6.1.0.3, 6.0.1.7, 6.0.1.8, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.0.1.9, 6.1.1.6, 6.1.1.7, 6.1.2, 6.0.1.10, 6.0.1.11, 6.1.1.8, 6.1.3, 6.1.3.1, 6.2, 6.2.0.1, 6.0.1.12, 6.1.3.2, 6.2.0.2, 6.2.1, 6.0.1.13, 6.2.1.1, 6.0.1.14, 6.1.3.3, 6.2.1.2, 6.2.2, 6.2.2.1, 6.2.3.0, 6.2.3.1, 6.1.3.4, 6.1.3.5"
}
]
}
],
"datePublic": "2017-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-27T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000289"
},
{
"name": "98026",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2, 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.1, 6.1.0.1, 6.1.0.3, 6.0.1.7, 6.0.1.8, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.0.1.9, 6.1.1.6, 6.1.1.7, 6.1.2, 6.0.1.10, 6.0.1.11, 6.1.1.8, 6.1.3, 6.1.3.1, 6.2, 6.2.0.1, 6.0.1.12, 6.1.3.2, 6.2.0.2, 6.2.1, 6.0.1.13, 6.2.1.1, 6.0.1.14, 6.1.3.3, 6.2.1.2, 6.2.2, 6.2.2.1, 6.2.3.0, 6.2.3.1, 6.1.3.4, 6.1.3.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000289",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000289"
},
{
"name": "98026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1149",
"datePublished": "2017-04-25T18:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4944 (GCVE-0-2020-4944)
Vulnerability from cvelistv5
Published
2021-03-30 16:00
Modified
2024-09-17 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6437567 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/191944 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.3.0 Version: 7.0.4.0 Version: 7.1.0.0 Version: 7.0.5.3 Version: 7.1.1.0 Version: 7.0.5.4 Version: 7.1.1.1 Version: 7.1.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:59.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6437567"
},
{
"name": "ibm-ucd-cve20204944-info-disc (191944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.0.5.3"
},
{
"status": "affected",
"version": "7.1.1.0"
},
{
"status": "affected",
"version": "7.0.5.4"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.2"
}
]
}
],
"datePublic": "2021-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/AC:H/I:N/PR:N/S:U/C:H/AV:L/A:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-29T09:58:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6437567"
},
{
"name": "ibm-ucd-cve20204944-info-disc (191944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ID": "CVE-2020-4944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.0.5.3"
},
{
"version_value": "7.1.1.0"
},
{
"version_value": "7.0.5.4"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6437567",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6437567 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6437567"
},
{
"name": "ibm-ucd-cve20204944-info-disc (191944)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4944",
"datePublished": "2021-03-30T16:00:27.121714Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:05:27.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-55904 (GCVE-0-2024-55904)
Vulnerability from cvelistv5
Published
2025-02-14 03:23
Modified
2025-02-14 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7182841 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.25 Version: 7.1 ≤ 7.1.2.21 Version: 7.2 ≤ 7.2.3.14 Version: 7.3 ≤ 7.3.2.9 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T14:45:31.224840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T14:46:04.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.25",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.21",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.14",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.9",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.4",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0.0",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
}
],
"value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T03:23:49.065Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7182841"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM DevOps Deploy / IBM UrbanCode Deploy command injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-55904",
"datePublished": "2025-02-14T03:23:49.065Z",
"dateReserved": "2024-12-12T18:07:11.453Z",
"dateUpdated": "2025-02-14T14:46:04.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22327 (GCVE-0-2022-22327)
Vulnerability from cvelistv5
Published
2022-04-01 16:45
Modified
2024-09-17 00:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6568551 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/218859 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.5 Version: 7.1.0 Version: 7.1.1 Version: 7.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6568551"
},
{
"name": "ibm-ucd-cve202222327-session-fixation (218859)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218859"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.2"
}
]
}
],
"datePublic": "2022-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/I:N/PR:N/AC:H/UI:N/AV:N/S:U/A:N/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-01T16:45:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6568551"
},
{
"name": "ibm-ucd-cve202222327-session-fixation (218859)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218859"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-03-31T00:00:00",
"ID": "CVE-2022-22327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.5"
},
{
"version_value": "7.1.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6568551",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6568551 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6568551"
},
{
"name": "ibm-ucd-cve202222327-session-fixation (218859)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218859"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22327",
"datePublished": "2022-04-01T16:45:24.396189Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:55:54.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46771 (GCVE-0-2022-46771)
Vulnerability from cvelistv5
Published
2022-12-20 19:40
Modified
2025-04-16 14:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6848897 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/242273 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy (UCD) |
Version: 6.2.0.0 ≤ Version: 7.0.5.0 ≤ Version: 7.1.0.0 ≤ Version: 7.2.0.0 ≤ Version: 7.3.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6848897"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/242273"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:49:36.804369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:49:50.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy (UCD)",
"vendor": "IBM",
"versions": [
{
"lessThan": "6.2.7.18",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
},
{
"lessThan": "7.0.5.13",
"status": "affected",
"version": "7.0.5.0",
"versionType": "semver"
},
{
"lessThan": "7.1.2.9",
"status": "affected",
"version": "7.1.0.0",
"versionType": "semver"
},
{
"lessThan": "7.2.3.2",
"status": "affected",
"version": "7.2.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-20T19:40:41.039Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6848897"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/242273"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy (UCD) cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-46771",
"datePublished": "2022-12-20T19:40:41.039Z",
"dateReserved": "2022-12-07T20:04:47.504Z",
"dateUpdated": "2025-04-16T14:49:50.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4481 (GCVE-0-2020-4481)
Vulnerability from cvelistv5
Published
2020-08-05 13:15
Modified
2024-09-16 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Informational
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6256128 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181848 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.3 Version: 7.0.3.0 Version: 7.0.4.0 Version: 6.2.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6256128"
},
{
"name": "ibm-ucd-cve20204481-xxe (181848)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181848"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
},
{
"status": "affected",
"version": "6.2.7.4"
}
]
}
],
"datePublic": "2020-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/AC:L/A:L/UI:N/AV:N/PR:N/C:H/I:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Informational",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T13:15:17",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6256128"
},
{
"name": "ibm-ucd-cve20204481-xxe (181848)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181848"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-08-04T00:00:00",
"ID": "CVE-2020-4481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.3"
},
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "6.2.7.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Informational"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6256128",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6256128 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6256128"
},
{
"name": "ibm-ucd-cve20204481-xxe (181848)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181848"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4481",
"datePublished": "2020-08-05T13:15:17.166320Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T19:25:33.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39082 (GCVE-0-2021-39082)
Vulnerability from cvelistv5
Published
2022-04-29 16:00
Modified
2024-09-17 00:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6576179 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/215693 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.5.2 Version: 7.1.0.0 Version: 7.1.1.0 Version: 7.1.1.1 Version: 7.1.1.2 Version: 7.0.4.1 Version: 7.0.4.2 Version: 7.0.5.0 Version: 7.0.5.1 Version: 7.1.0.1 Version: 7.1.0.2 Version: 7.1.2.1 Version: 7.2.0.0 Version: 7.2.0.1 Version: 7.2.0.2 Version: 7.2.1.0 Version: 7.0.3.4 Version: 7.0.4.3 Version: 7.1.0.3 Version: 7.1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.858Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6576179"
},
{
"name": "ibm-ucd-cve202139082-info-disc (215693)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215693"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.5.2"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.1.1.0"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.0.4.1"
},
{
"status": "affected",
"version": "7.0.4.2"
},
{
"status": "affected",
"version": "7.0.5.0"
},
{
"status": "affected",
"version": "7.0.5.1"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.2.1"
},
{
"status": "affected",
"version": "7.2.0.0"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.0.2"
},
{
"status": "affected",
"version": "7.2.1.0"
},
{
"status": "affected",
"version": "7.0.3.4"
},
{
"status": "affected",
"version": "7.0.4.3"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.1.2.0"
}
]
}
],
"datePublic": "2022-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/PR:N/AV:N/C:H/UI:N/I:N/A:N/S:U/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-29T16:00:16",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6576179"
},
{
"name": "ibm-ucd-cve202139082-info-disc (215693)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215693"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-04-28T00:00:00",
"ID": "CVE-2021-39082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.5.2"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.1.0"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.0.4.1"
},
{
"version_value": "7.0.4.2"
},
{
"version_value": "7.0.5.0"
},
{
"version_value": "7.0.5.1"
},
{
"version_value": "7.1.0.1"
},
{
"version_value": "7.1.0.2"
},
{
"version_value": "7.1.2.1"
},
{
"version_value": "7.2.0.0"
},
{
"version_value": "7.2.0.1"
},
{
"version_value": "7.2.0.2"
},
{
"version_value": "7.2.1.0"
},
{
"version_value": "7.0.3.4"
},
{
"version_value": "7.0.4.3"
},
{
"version_value": "7.1.0.3"
},
{
"version_value": "7.1.2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6576179",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6576179 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6576179"
},
{
"name": "ibm-ucd-cve202139082-info-disc (215693)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215693"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-39082",
"datePublished": "2022-04-29T16:00:16.386678Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T00:51:40.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8938 (GCVE-0-2016-8938)
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-06 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95289 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000237 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95289"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"datePublic": "2016-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer\u0027s production applications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "95289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95289"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-8938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer\u0027s production applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95289"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-8938",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45091 (GCVE-0-2024-45091)
Vulnerability from cvelistv5
Published
2025-01-21 00:41
Modified
2025-01-21 16:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.24 Version: 7.1 ≤ 7.1.2.10 Version: 7.2 ≤ 7.2.3.13 cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.0.5.24:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.1.2.10:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T16:41:01.015063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T16:41:10.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.0.5.24:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.1.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.24",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.10",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.13",
"status": "affected",
"version": "7.2",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T00:41:45.398Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177857"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45091",
"datePublished": "2025-01-21T00:41:45.398Z",
"dateReserved": "2024-08-21T19:11:14.496Z",
"dateUpdated": "2025-01-21T16:41:10.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4884 (GCVE-0-2020-4884)
Vulnerability from cvelistv5
Published
2021-03-30 16:00
Modified
2024-09-16 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6437565 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190908 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.9 Version: 7.0.5.4 Version: 7.1.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6437565"
},
{
"name": "ibm-ucd-cve20204884-info-disc (190908)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.9"
},
{
"status": "affected",
"version": "7.0.5.4"
},
{
"status": "affected",
"version": "7.1.1.1"
}
]
}
],
"datePublic": "2021-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/AV:L/A:N/UI:N/AC:L/I:N/PR:N/S:U/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-30T16:00:26",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6437565"
},
{
"name": "ibm-ucd-cve20204884-info-disc (190908)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ID": "CVE-2020-4884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.9"
},
{
"version_value": "7.0.5.4"
},
{
"version_value": "7.1.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6437565",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6437565 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6437565"
},
{
"name": "ibm-ucd-cve20204884-info-disc (190908)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4884",
"datePublished": "2021-03-30T16:00:26.474707Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T16:18:36.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7415 (GCVE-0-2015-7415)
Vulnerability from cvelistv5
Published
2016-01-01 02:00
Modified
2024-08-06 07:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21970811 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:27.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-01T04:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-7415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-7415",
"datePublished": "2016-01-01T02:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:27.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2942 (GCVE-0-2016-2942)
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-05 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95975 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000218 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95975",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95975"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"datePublic": "2016-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "95975",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95975"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95975"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2942",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22339 (GCVE-0-2024-22339)
Vulnerability from cvelistv5
Published
2024-04-12 16:51
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148113 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/279979 | vdb-entry |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.20 Version: 7.1 ≤ 7.1.2.16 Version: 7.2 ≤ 7.2.3.9 Version: 7.3 ≤ 7.3.2.4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T19:41:18.562942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:39.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7148113"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.20",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.16",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.9",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.4",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.0.1",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:51:39.984Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148113"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279979"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22339",
"datePublished": "2024-04-12T16:51:39.984Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2024-08-01T22:43:34.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47161 (GCVE-0-2023-47161)
Vulnerability from cvelistv5
Published
2023-12-19 23:52
Modified
2024-08-02 21:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7096552 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/270799 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.2 ≤ 7.2.3.7 Version: 7.3 ≤ 7.3.2.2 Version: 7.1 ≤ 7.1.2.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-20T15:51:19.236491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T16:01:03.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.687Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7096552"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.2.3.7",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.2",
"status": "affected",
"version": "7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.14",
"status": "affected",
"version": "7.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T23:52:20.948Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096552"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270799"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47161",
"datePublished": "2023-12-19T23:52:20.948Z",
"dateReserved": "2023-10-31T00:13:45.654Z",
"dateUpdated": "2024-08-02T21:01:22.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4666 (GCVE-0-2019-4666)
Vulnerability from cvelistv5
Published
2020-02-13 15:40
Modified
2024-09-16 21:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/1138576 | x_refsource_CONFIRM | |
| https://www.ibm.com/support/pages/node/2325141 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/171248 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0.3 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/1138576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/2325141"
},
{
"name": "ibm-ucd-cve20194666-info-disc (171248)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.3"
}
]
},
{
"product": "UrbanCode Build",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.5"
}
]
}
],
"datePublic": "2020-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/I:N/UI:N/PR:H/A:N/AV:L/S:U/C:L/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T15:40:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/1138576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/2325141"
},
{
"name": "ibm-ucd-cve20194666-info-disc (171248)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-02-12T00:00:00",
"ID": "CVE-2019-4666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.3"
}
]
}
},
{
"product_name": "UrbanCode Build",
"version": {
"version_data": [
{
"version_value": "6.1.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/1138576",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 1138576 (UrbanCode Build)",
"url": "https://www.ibm.com/support/pages/node/1138576"
},
{
"name": "https://www.ibm.com/support/pages/node/2325141",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 2325141 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/2325141"
},
{
"name": "ibm-ucd-cve20194666-info-disc (171248)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4666",
"datePublished": "2020-02-13T15:40:21.747521Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T21:08:27.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4668 (GCVE-0-2019-4668)
Vulnerability from cvelistv5
Published
2020-04-23 13:10
Modified
2024-09-17 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6195699 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/171250 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6195699"
},
{
"name": "ibm-ucd-cve20194668-info-disc (171250)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.4.0"
}
]
}
],
"datePublic": "2020-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/PR:N/UI:N/A:N/C:H/I:N/AV:L/S:U/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T13:10:22",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6195699"
},
{
"name": "ibm-ucd-cve20194668-info-disc (171250)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-21T00:00:00",
"ID": "CVE-2019-4668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.4.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6195699",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6195699 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6195699"
},
{
"name": "ibm-ucd-cve20194668-info-disc (171250)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4668",
"datePublished": "2020-04-23T13:10:22.520321Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T02:06:36.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42012 (GCVE-0-2023-42012)
Vulnerability from cvelistv5
Published
2023-12-19 23:49
Modified
2024-08-02 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7096548 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/265509 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.2 ≤ 7.2.3.7 Version: 7.3 ≤ 7.3.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:49.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7096548"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.2.3.7",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.2",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509."
}
],
"value": "An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T23:49:47.333Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096548"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265509"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-42012",
"datePublished": "2023-12-19T23:49:47.333Z",
"dateReserved": "2023-09-06T19:33:10.322Z",
"dateUpdated": "2024-08-02T19:16:49.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4848 (GCVE-0-2020-4848)
Vulnerability from cvelistv5
Published
2021-03-30 16:00
Modified
2024-09-17 02:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6437573 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/190293 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.9 Version: 7.0.5.4 Version: 7.1.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:14:58.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6437573"
},
{
"name": "ibm-ucd-cve02204848-priv-escalation (190293)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.9"
},
{
"status": "affected",
"version": "7.0.5.4"
},
{
"status": "affected",
"version": "7.1.1.1"
}
]
}
],
"datePublic": "2021-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/A:N/C:L/AC:L/S:U/PR:L/I:L/UI:N/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-30T16:00:25",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6437573"
},
{
"name": "ibm-ucd-cve02204848-priv-escalation (190293)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-03-29T00:00:00",
"ID": "CVE-2020-4848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.9"
},
{
"version_value": "7.0.5.4"
},
{
"version_value": "7.1.1.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6437573",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6437573 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6437573"
},
{
"name": "ibm-ucd-cve02204848-priv-escalation (190293)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4848",
"datePublished": "2021-03-30T16:00:25.825266Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T02:22:06.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28781 (GCVE-0-2024-28781)
Vulnerability from cvelistv5
Published
2024-05-10 15:49
Modified
2024-08-02 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7150747 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/285654 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.20 Version: 7.1 ≤ 7.1.2.16 Version: 7.2 ≤ 7.2.3.9 Version: 7.3 ≤ 7.3.2.4 Version: 8.0 ≤ 8.0.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:14:57.303220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:15:07.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7150747"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285654"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.20",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.16",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.9",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.4",
"status": "affected",
"version": "7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.0.1",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-10T15:49:35.965Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7150747"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285654"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-28781",
"datePublished": "2024-05-10T15:49:35.965Z",
"dateReserved": "2024-03-10T12:23:24.001Z",
"dateUpdated": "2024-08-02T00:56:58.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2994 (GCVE-0-2016-2994)
Vulnerability from cvelistv5
Published
2016-12-01 11:00
Modified
2024-08-05 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92870 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:14.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177"
},
{
"name": "92870",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177"
},
{
"name": "92870",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177"
},
{
"name": "92870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2994",
"datePublished": "2016-12-01T11:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:14.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29711 (GCVE-0-2021-29711)
Vulnerability from cvelistv5
Published
2021-07-08 16:10
Modified
2024-09-16 17:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- File Manipulation
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6469941 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/200965 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.3 Version: 7.0.3.0 Version: 7.0.4.0 Version: 7.1.0.0 Version: 6.2.7.4 Version: 6.2.7.8 Version: 7.1.1.0 Version: 6.2.7.9 Version: 7.0.5.4 Version: 7.1.1.1 Version: 7.1.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:18:01.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6469941"
},
{
"name": "ibm-ucd-cve202129711-improper-permissions (200965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200965"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "6.2.7.4"
},
{
"status": "affected",
"version": "6.2.7.8"
},
{
"status": "affected",
"version": "7.1.1.0"
},
{
"status": "affected",
"version": "6.2.7.9"
},
{
"status": "affected",
"version": "7.0.5.4"
},
{
"status": "affected",
"version": "7.1.1.1"
},
{
"status": "affected",
"version": "7.1.1.2"
}
]
}
],
"datePublic": "2021-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:H/S:U/AV:N/C:N/I:H/UI:N/AC:L/A:N/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-08T16:10:11",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6469941"
},
{
"name": "ibm-ucd-cve202129711-improper-permissions (200965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200965"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2021-07-07T00:00:00",
"ID": "CVE-2021-29711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.3"
},
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "6.2.7.4"
},
{
"version_value": "6.2.7.8"
},
{
"version_value": "7.1.1.0"
},
{
"version_value": "6.2.7.9"
},
{
"version_value": "7.0.5.4"
},
{
"version_value": "7.1.1.1"
},
{
"version_value": "7.1.1.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6469941",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6469941 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6469941"
},
{
"name": "ibm-ucd-cve202129711-improper-permissions (200965)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200965"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2021-29711",
"datePublished": "2021-07-08T16:10:11.761478Z",
"dateReserved": "2021-03-31T00:00:00",
"dateUpdated": "2024-09-16T17:33:34.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4260 (GCVE-0-2020-4260)
Vulnerability from cvelistv5
Published
2020-04-16 15:35
Modified
2024-09-16 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6191655 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/175639 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6191655"
},
{
"name": "ibm-ucd-cve20204260-info-disc (175639)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175639"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.5"
}
]
}
],
"datePublic": "2020-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/PR:L/A:N/I:N/AC:H/AV:N/C:L/S:U/RL:O/E:U/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-16T15:35:21",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6191655"
},
{
"name": "ibm-ucd-cve20204260-info-disc (175639)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175639"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-15T00:00:00",
"ID": "CVE-2020-4260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6191655",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6191655 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6191655"
},
{
"name": "ibm-ucd-cve20204260-info-disc (175639)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175639"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4260",
"datePublished": "2020-04-16T15:35:21.226960Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T19:25:25.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22315 (GCVE-0-2022-22315)
Vulnerability from cvelistv5
Published
2022-04-27 17:55
Modified
2024-09-16 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6575143 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/217955 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.0 Version: 7.0.3.0 Version: 7.0.4.0 Version: 7.1.0.0 Version: 7.1.1.0 Version: 7.1.1.2 Version: 7.0.3.3 Version: 7.0.4.2 Version: 7.0.5.0 Version: 7.1.0.2 Version: 7.1.2.1 Version: 7.2.0.0 Version: 7.2.0.2 Version: 7.2.1.0 Version: 6.2.7.14 Version: 7.0.5.9 Version: 7.1.2.5 Version: 7.2.1.2 Version: 7.2.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:50.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6575143"
},
{
"name": "ibm-ucd-cve202222315-priv-escalation (217955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217955"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.0"
},
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.1.1.0"
},
{
"status": "affected",
"version": "7.1.1.2"
},
{
"status": "affected",
"version": "7.0.3.3"
},
{
"status": "affected",
"version": "7.0.4.2"
},
{
"status": "affected",
"version": "7.0.5.0"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.2.1"
},
{
"status": "affected",
"version": "7.2.0.0"
},
{
"status": "affected",
"version": "7.2.0.2"
},
{
"status": "affected",
"version": "7.2.1.0"
},
{
"status": "affected",
"version": "6.2.7.14"
},
{
"status": "affected",
"version": "7.0.5.9"
},
{
"status": "affected",
"version": "7.1.2.5"
},
{
"status": "affected",
"version": "7.2.1.2"
},
{
"status": "affected",
"version": "7.2.2.0"
}
]
}
],
"datePublic": "2022-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/C:L/AC:H/UI:N/A:L/PR:L/I:L/AV:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-27T17:55:10",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6575143"
},
{
"name": "ibm-ucd-cve202222315-priv-escalation (217955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217955"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-04-26T00:00:00",
"ID": "CVE-2022-22315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.0"
},
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.1.1.0"
},
{
"version_value": "7.1.1.2"
},
{
"version_value": "7.0.3.3"
},
{
"version_value": "7.0.4.2"
},
{
"version_value": "7.0.5.0"
},
{
"version_value": "7.1.0.2"
},
{
"version_value": "7.1.2.1"
},
{
"version_value": "7.2.0.0"
},
{
"version_value": "7.2.0.2"
},
{
"version_value": "7.2.1.0"
},
{
"version_value": "6.2.7.14"
},
{
"version_value": "7.0.5.9"
},
{
"version_value": "7.1.2.5"
},
{
"version_value": "7.2.1.2"
},
{
"version_value": "7.2.2.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "H",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6575143",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6575143 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6575143"
},
{
"name": "ibm-ucd-cve202222315-priv-escalation (217955)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217955"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22315",
"datePublished": "2022-04-27T17:55:10.980354Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T20:17:35.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40376 (GCVE-0-2023-40376)
Vulnerability from cvelistv5
Published
2023-10-04 13:46
Modified
2024-09-19 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7037230 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.1 ≤ 7.1.2.12 Version: 7.2 ≤ 7.2.3.5 Version: 7.3 ≤ 7.3.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7037230"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263581"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:47:12.758372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:47:34.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.1.2.12",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.5",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.0",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T13:46:08.634Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7037230"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263581"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy (UCD) improper authentication controls",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-40376",
"datePublished": "2023-10-04T13:46:08.634Z",
"dateReserved": "2023-08-14T20:12:05.636Z",
"dateUpdated": "2024-09-19T14:47:34.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42013 (GCVE-0-2023-42013)
Vulnerability from cvelistv5
Published
2023-12-19 23:47
Modified
2024-08-02 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7096547 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/265510 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.1 ≤ 7.1.2.14 Version: 7.2 ≤ 7.2.3.7 Version: 7.3 ≤ 7.3.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:50.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7096547"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.1.2.14",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.7",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.2",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T23:47:11.685Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096547"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265510"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-42013",
"datePublished": "2023-12-19T23:47:11.685Z",
"dateReserved": "2023-09-06T19:33:10.322Z",
"dateUpdated": "2024-08-02T19:16:50.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0271 (GCVE-0-2016-0271)
Vulnerability from cvelistv5
Published
2016-07-08 01:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server\u0027s identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-08T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server\u0027s identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0271",
"datePublished": "2016-07-08T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40751 (GCVE-0-2022-40751)
Vulnerability from cvelistv5
Published
2022-11-17 16:36
Modified
2025-04-29 14:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID:
236601.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6831907 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/236601 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.0 < 6.2.7.17 Version: 7.0.0.0 < 7.0.5.12 Version: 7.1.0.0 < 7.1.2.8 Version: 7.2.0.0 < 7.2.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6831907"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236601"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T14:45:33.559315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T14:45:44.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThan": "6.2.7.17",
"status": "affected",
"version": "6.2.7.0",
"versionType": "custom"
},
{
"lessThan": "7.0.5.12",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
},
{
"lessThan": "7.1.2.8",
"status": "affected",
"version": "7.1.0.0",
"versionType": "custom"
},
{
"lessThan": "7.2.3.1",
"status": "affected",
"version": "7.2.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including \"Manage Security\" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches.\u0026nbsp; IBM X-Force ID:\u0026nbsp;\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003e236601.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\nIBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including \"Manage Security\" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches.\u00a0 IBM X-Force ID:\u00a0\u00a0\n\n236601."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T16:36:14.175Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6831907"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236601"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-40751",
"datePublished": "2022-11-17T16:36:14.175Z",
"dateReserved": "2022-09-16T16:24:40.586Z",
"dateUpdated": "2025-04-29T14:45:44.367Z",
"requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1997 (GCVE-0-2025-1997)
Vulnerability from cvelistv5
Published
2025-03-27 14:39
Modified
2025-09-01 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7229035 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.25 Version: 7.1 ≤ 7.1.2.21 Version: 7.2 ≤ 7.2.3.14 Version: 7.3 ≤ 7.3.2.9 cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T15:09:37.164834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:10:02.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.25",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.21",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.14",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.9",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.4",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:01:55.976Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7229035"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1997",
"datePublished": "2025-03-27T14:39:48.719Z",
"dateReserved": "2025-03-05T16:10:34.631Z",
"dateUpdated": "2025-09-01T01:01:55.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1493 (GCVE-0-2017-1493)
Vulnerability from cvelistv5
Published
2018-01-09 20:00
Modified
2024-09-17 00:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Data Manipulation
Summary
IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/128691 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/102483 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000367 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.2.1.1 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 Version: 6.2.2.1 Version: 6.2.3.0 Version: 6.2.3.1 Version: 6.1.3.4 Version: 6.1.3.5 Version: 6.2.4 Version: 6.1.3.6 Version: 6.2.4.1 Version: 6.2.4.2 Version: 6.2.5 Version: 6.2.5.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691"
},
{
"name": "102483",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102483"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.1"
},
{
"status": "affected",
"version": "6.2.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.1.3.4"
},
{
"status": "affected",
"version": "6.1.3.5"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.1.3.6"
},
{
"status": "affected",
"version": "6.2.4.1"
},
{
"status": "affected",
"version": "6.2.4.2"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.5.1"
}
]
}
],
"datePublic": "2018-01-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691"
},
{
"name": "102483",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102483"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-01-04T00:00:00",
"ID": "CVE-2017-1493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.1"
},
{
"version_value": "6.2.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.1.3.4"
},
{
"version_value": "6.1.3.5"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.1.3.6"
},
{
"version_value": "6.2.4.1"
},
{
"version_value": "6.2.4.2"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.5.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691"
},
{
"name": "102483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102483"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1493",
"datePublished": "2018-01-09T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:30:54.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35716 (GCVE-0-2022-35716)
Vulnerability from cvelistv5
Published
2022-07-31 16:08
Modified
2024-09-17 01:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6608584 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/231360 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.0.0 Version: 7.1.0.0 Version: 7.2.0.0 Version: 6.2.0.0 Version: 6.2.7.16 Version: 7.0.5.11 Version: 7.1.2.7 Version: 7.2.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:21.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6608584"
},
{
"name": "ibm-ucd-cve202235716-info-disc (231360)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231360"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0.0"
},
{
"status": "affected",
"version": "7.1.0.0"
},
{
"status": "affected",
"version": "7.2.0.0"
},
{
"status": "affected",
"version": "6.2.0.0"
},
{
"status": "affected",
"version": "6.2.7.16"
},
{
"status": "affected",
"version": "7.0.5.11"
},
{
"status": "affected",
"version": "7.1.2.7"
},
{
"status": "affected",
"version": "7.2.3.0"
}
]
}
],
"datePublic": "2022-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/UI:N/I:N/AV:N/C:H/AC:H/S:U/A:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-31T16:08:06",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6608584"
},
{
"name": "ibm-ucd-cve202235716-info-disc (231360)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231360"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-07-29T00:00:00",
"ID": "CVE-2022-35716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.0.0"
},
{
"version_value": "7.1.0.0"
},
{
"version_value": "7.2.0.0"
},
{
"version_value": "6.2.0.0"
},
{
"version_value": "6.2.7.16"
},
{
"version_value": "7.0.5.11"
},
{
"version_value": "7.1.2.7"
},
{
"version_value": "7.2.3.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6608584",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6608584 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6608584"
},
{
"name": "ibm-ucd-cve202235716-info-disc (231360)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231360"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-35716",
"datePublished": "2022-07-31T16:08:06.630283Z",
"dateReserved": "2022-07-12T00:00:00",
"dateUpdated": "2024-09-17T01:56:46.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22331 (GCVE-0-2024-22331)
Vulnerability from cvelistv5
Published
2024-02-06 16:15
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7114131 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/279971 | vdb-entry |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.19 Version: 7.1 ≤ 7.1.2.15 Version: 7.2 ≤ 7.2.3.8 Version: 7.3 ≤ 7.3.2.3 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T15:55:49.989421Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:39.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114131"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy ",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.19",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.15",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.8",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.3",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.0.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T16:15:57.695Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114131"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279971"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22331",
"datePublished": "2024-02-06T16:15:57.695Z",
"dateReserved": "2024-01-08T23:42:07.732Z",
"dateUpdated": "2024-08-01T22:43:34.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4484 (GCVE-0-2020-4484)
Vulnerability from cvelistv5
Published
2020-11-06 13:40
Modified
2024-09-17 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6337605 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181858 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.3 Version: 7.0.3.0 Version: 7.0.4.0 Version: 6.2.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:48.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6337605"
},
{
"name": "ibm-ucd-cve20204484-info-disc (181858)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181858"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
},
{
"status": "affected",
"version": "6.2.7.4"
}
]
}
],
"datePublic": "2020-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/UI:N/AV:N/A:N/S:U/I:N/PR:L/C:L/AC:L/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T13:40:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6337605"
},
{
"name": "ibm-ucd-cve20204484-info-disc (181858)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181858"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-11-05T00:00:00",
"ID": "CVE-2020-4484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.3"
},
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "6.2.7.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6337605",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6337605 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6337605"
},
{
"name": "ibm-ucd-cve20204484-info-disc (181858)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181858"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4484",
"datePublished": "2020-11-06T13:40:19.591974Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-17T00:46:48.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2941 (GCVE-0-2016-2941)
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-05 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000220 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95978 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000220"
},
{
"name": "95978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"datePublic": "2016-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000220"
},
{
"name": "95978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95978"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000220",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000220"
},
{
"name": "95978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95978"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2941",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22359 (GCVE-0-2024-22359)
Vulnerability from cvelistv5
Published
2024-04-12 16:20
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148111 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/280897 | vdb-entry |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.20 Version: 7.1 ≤ 7.1.2.16 Version: 7.2 ≤ 7.2.3.9 Version: 7.3 ≤ 7.3.2.4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T18:42:25.637654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:35.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7148111"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.20",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.16",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.9",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.4",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.0.1",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:20:38.337Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148111"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280897"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22359",
"datePublished": "2024-04-12T16:20:38.337Z",
"dateReserved": "2024-01-08T23:42:36.758Z",
"dateUpdated": "2024-08-01T22:43:34.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56469 (GCVE-0-2024-56469)
Vulnerability from cvelistv5
Published
2025-03-27 14:32
Modified
2025-09-01 10:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7229031 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.1 ≤ 7.1.2.22 Version: 7.2 ≤ 7.2.3.15 Version: 7.3 ≤ 7.3.2.10 cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T15:09:59.879895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:10:02.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.1.2.22:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2.3.15:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3.2.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.1.2.22",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.15",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.10",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.0.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.5",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0.1",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T10:14:14.162Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7229031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy missing authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-56469",
"datePublished": "2025-03-27T14:32:51.723Z",
"dateReserved": "2024-12-26T12:51:26.633Z",
"dateUpdated": "2025-09-01T10:14:14.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0320 (GCVE-0-2016-0320)
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Bypass Security
Summary
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95974 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000222 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95974",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000222"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"datePublic": "2016-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Bypass Security",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-03T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "95974",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000222"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Bypass Security"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95974"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000222",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000222"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0320",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42015 (GCVE-0-2023-42015)
Vulnerability from cvelistv5
Published
2023-12-19 02:12
Modified
2024-11-21 19:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7096546 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.1 ≤ 7.1.2.14 Version: 7.2 ≤ 7.2.3.7 Version: 7.3 ≤ 7.3.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:16:49.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7096546"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265512"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-21T20:47:11.628932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:01:20.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.1.2.14",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.7",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.2",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-19T02:12:19.966Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096546"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265512"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy HTML injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-42015",
"datePublished": "2023-12-19T02:12:19.966Z",
"dateReserved": "2023-09-06T19:33:10.323Z",
"dateUpdated": "2024-11-21T19:01:20.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9008 (GCVE-0-2016-9008)
Vulnerability from cvelistv5
Published
2017-02-01 22:00
Modified
2024-08-06 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Access
Summary
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95283 | vdb-entry, x_refsource_BID | |
| http://www.ibm.com/support/docview.wss?uid=swg2C1000238 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95283",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95283"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000238"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
}
]
}
],
"datePublic": "2016-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-02T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "95283",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95283"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000238"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95283"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000238",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000238"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9008",
"datePublished": "2017-02-01T22:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0267 (GCVE-0-2016-0267)
Vulnerability from cvelistv5
Published
2016-06-29 01:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg2C1000151 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000151"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-29T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000151"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000151",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000151"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0267",
"datePublished": "2016-06-29T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0373 (GCVE-0-2016-0373)
Vulnerability from cvelistv5
Published
2018-08-30 16:00
Modified
2024-09-16 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/112119 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.2 Version: 6.2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:24.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219"
},
{
"name": "ibm-ucd-cve20160373-info-disc(112119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/112119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.1"
}
]
}
],
"datePublic": "2016-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-30T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219"
},
{
"name": "ibm-ucd-cve20160373-info-disc(112119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/112119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2016-11-14T00:00:00",
"ID": "CVE-2016-0373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219"
},
{
"name": "ibm-ucd-cve20160373-info-disc(112119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/112119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0373",
"datePublished": "2018-08-30T16:00:00Z",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-09-16T17:08:27.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22367 (GCVE-0-2022-22367)
Vulnerability from cvelistv5
Published
2022-07-01 18:00
Modified
2024-09-17 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6600067 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/221008 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.15 Version: 7.0.5.10 Version: 7.1.2.6 Version: 7.2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6600067"
},
{
"name": "ibm-ucd-cve202222367-info-disc (221008)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.15"
},
{
"status": "affected",
"version": "7.0.5.10"
},
{
"status": "affected",
"version": "7.1.2.6"
},
{
"status": "affected",
"version": "7.2.2.1"
}
]
}
],
"datePublic": "2022-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.5,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/A:N/I:N/UI:N/C:L/AC:L/S:U/PR:N/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T18:00:46",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6600067"
},
{
"name": "ibm-ucd-cve202222367-info-disc (221008)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221008"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-30T00:00:00",
"ID": "CVE-2022-22367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.15"
},
{
"version_value": "7.0.5.10"
},
{
"version_value": "7.1.2.6"
},
{
"version_value": "7.2.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "L",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6600067",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6600067 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6600067"
},
{
"name": "ibm-ucd-cve202222367-info-disc (221008)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221008"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22367",
"datePublished": "2022-07-01T18:00:46.781561Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T00:56:53.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43877 (GCVE-0-2022-43877)
Vulnerability from cvelistv5
Published
2023-05-06 02:44
Modified
2025-01-29 15:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- 256 Plaintext Storage of a Password
Summary
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6967351 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2 ≤ 6.2.7.19 Version: 7.0 ≤ 7.0.5.14 Version: 7.1 ≤ 7.1.2.10 Version: 7.2 ≤ 7.2.3.3 Version: 7.3 ≤ 7.3.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.727Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6967351"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240148"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43877",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T15:54:25.684893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T15:56:12.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.2.7.19",
"status": "affected",
"version": "6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.5.14",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.10",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.3",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.0.1",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148."
}
],
"value": "IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "256 Plaintext Storage of a Password",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-06T02:44:14.137Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6967351"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240148"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy (UCD) information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-43877",
"datePublished": "2023-05-06T02:44:14.137Z",
"dateReserved": "2022-10-26T15:46:22.830Z",
"dateUpdated": "2025-01-29T15:56:12.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1749 (GCVE-0-2017-1749)
Vulnerability from cvelistv5
Published
2018-08-13 16:00
Modified
2024-09-16 19:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- File Manipulation
Summary
IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/135522 | vdb-entry, x_refsource_XF | |
| https://www.ibm.com/support/docview.wss?uid=swg2C1000374 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.2.1.1 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 Version: 6.2.2.1 Version: 6.2.3.0 Version: 6.2.3.1 Version: 6.1.3.4 Version: 6.1.3.5 Version: 6.2.4 Version: 6.1.3.6 Version: 6.2.4.1 Version: 6.2.4.2 Version: 6.2.5 Version: 6.2.5.1 Version: 6.2.5.2 Version: 6.2.6.0 Version: 6.2.6.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-ucd-cve20171749-path-traversal(135522)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135522"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.1"
},
{
"status": "affected",
"version": "6.2.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.1.3.4"
},
{
"status": "affected",
"version": "6.1.3.5"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.1.3.6"
},
{
"status": "affected",
"version": "6.2.4.1"
},
{
"status": "affected",
"version": "6.2.4.2"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.5.1"
},
{
"status": "affected",
"version": "6.2.5.2"
},
{
"status": "affected",
"version": "6.2.6.0"
},
{
"status": "affected",
"version": "6.2.6.1"
}
]
}
],
"datePublic": "2018-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "File Manipulation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-ucd-cve20171749-path-traversal(135522)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135522"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-06T00:00:00",
"ID": "CVE-2017-1749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.1"
},
{
"version_value": "6.2.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.1.3.4"
},
{
"version_value": "6.1.3.5"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.1.3.6"
},
{
"version_value": "6.2.4.1"
},
{
"version_value": "6.2.4.2"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.5.1"
},
{
"version_value": "6.2.5.2"
},
{
"version_value": "6.2.6.0"
},
{
"version_value": "6.2.6.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File Manipulation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-ucd-cve20171749-path-traversal(135522)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135522"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg2C1000374",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1749",
"datePublished": "2018-08-13T16:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T19:04:58.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1286 (GCVE-0-2017-1286)
Vulnerability from cvelistv5
Published
2018-08-13 16:00
Modified
2024-08-05 13:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/docview.wss?uid=swg2C1000377 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/125147 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:28.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000377"
},
{
"name": "ibm-ucd-cve20171286-info-disc(125147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-13T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000377"
},
{
"name": "ibm-ucd-cve20171286-info-disc(125147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg2C1000377",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000377"
},
{
"name": "ibm-ucd-cve20171286-info-disc(125147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1286",
"datePublished": "2018-08-13T16:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:32:28.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9006 (GCVE-0-2016-9006)
Vulnerability from cvelistv5
Published
2017-03-08 19:00
Modified
2024-08-06 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-Site Scripting
Summary
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000264 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96757 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.0 Version: 6.0.1 Version: 6.0.1.1 Version: 6.0.1.2 Version: 6.0.1.3 Version: 6.0.1.4 Version: 6.0.1.5 Version: 6.0.1.6 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.0.1.7 Version: 6.0.1.8 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.0.1.9 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.0.1.10 Version: 6.0.1.11 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.0.1.12 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.0.1.13 Version: 6.2.1.1 Version: 6.0.1.14 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 Version: 6.2.2.1 Version: 6.2.3.0 Version: 6.2.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:35:02.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000264"
},
{
"name": "96757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "6.0.1"
},
{
"status": "affected",
"version": "6.0.1.1"
},
{
"status": "affected",
"version": "6.0.1.2"
},
{
"status": "affected",
"version": "6.0.1.3"
},
{
"status": "affected",
"version": "6.0.1.4"
},
{
"status": "affected",
"version": "6.0.1.5"
},
{
"status": "affected",
"version": "6.0.1.6"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.0.1.7"
},
{
"status": "affected",
"version": "6.0.1.8"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.0.1.9"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.0.1.10"
},
{
"status": "affected",
"version": "6.0.1.11"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.0.1.12"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.0.1.13"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.0.1.14"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.1"
},
{
"status": "affected",
"version": "6.2.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
}
]
}
],
"datePublic": "2017-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-13T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000264"
},
{
"name": "96757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-9006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.1.1"
},
{
"version_value": "6.0.1.2"
},
{
"version_value": "6.0.1.3"
},
{
"version_value": "6.0.1.4"
},
{
"version_value": "6.0.1.5"
},
{
"version_value": "6.0.1.6"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.0.1.7"
},
{
"version_value": "6.0.1.8"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.0.1.9"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.0.1.10"
},
{
"version_value": "6.0.1.11"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.0.1.12"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.0.1.13"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.0.1.14"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.1"
},
{
"version_value": "6.2.3.0"
},
{
"version_value": "6.2.3.1"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000264",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000264"
},
{
"name": "96757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-9006",
"datePublished": "2017-03-08T19:00:00",
"dateReserved": "2016-10-25T00:00:00",
"dateUpdated": "2024-08-06T02:35:02.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6074 (GCVE-0-2014-6074)
Vulnerability from cvelistv5
Published
2014-09-10 10:00
Modified
2024-08-06 12:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95726 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21683551 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/69640 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:03:02.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ibm-urbancodedeploy-cve20146074-keys(95726)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95726"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683551"
},
{
"name": "69640",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "ibm-urbancodedeploy-cve20146074-keys(95726)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95726"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683551"
},
{
"name": "69640",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-6074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-urbancodedeploy-cve20146074-keys(95726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95726"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683551",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683551"
},
{
"name": "69640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-6074",
"datePublished": "2014-09-10T10:00:00",
"dateReserved": "2014-09-02T00:00:00",
"dateUpdated": "2024-08-06T12:03:02.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4964 (GCVE-0-2015-4964)
Vulnerability from cvelistv5
Published
2015-10-05 10:00
Modified
2024-08-06 06:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21964623 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:32:31.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-05T02:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-4964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21964623",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2015-4964",
"datePublished": "2015-10-05T10:00:00",
"dateReserved": "2015-06-24T00:00:00",
"dateUpdated": "2024-08-06T06:32:31.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1752 (GCVE-0-2017-1752)
Vulnerability from cvelistv5
Published
2018-05-25 14:00
Modified
2024-09-17 02:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg2C1000376 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104289 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/135547 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.1.0.2 Version: 6.1 Version: 6.1.0.1 Version: 6.1.0.3 Version: 6.1.0.4 Version: 6.1.1 Version: 6.1.1.1 Version: 6.1.1.2 Version: 6.1.1.3 Version: 6.1.1.4 Version: 6.1.1.5 Version: 6.1.1.6 Version: 6.1.1.7 Version: 6.1.2 Version: 6.1.1.8 Version: 6.1.3 Version: 6.1.3.1 Version: 6.2 Version: 6.2.0.1 Version: 6.1.3.2 Version: 6.2.0.2 Version: 6.2.1 Version: 6.2.1.1 Version: 6.1.3.3 Version: 6.2.1.2 Version: 6.2.2 Version: 6.2.2.1 Version: 6.2.3.0 Version: 6.2.3.1 Version: 6.1.3.4 Version: 6.1.3.5 Version: 6.2.4 Version: 6.1.3.6 Version: 6.2.4.1 Version: 6.2.4.2 Version: 6.2.5 Version: 6.2.5.1 Version: 6.1.3.7 Version: 6.1.3.8 Version: 6.2.5.2 Version: 6.2.6.0 Version: 6.2.6.1 Version: 6.2.7.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:32.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376"
},
{
"name": "104289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104289"
},
{
"name": "ibm-ucd-cve20171752-info-disc(135547)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.1.0.2"
},
{
"status": "affected",
"version": "6.1"
},
{
"status": "affected",
"version": "6.1.0.1"
},
{
"status": "affected",
"version": "6.1.0.3"
},
{
"status": "affected",
"version": "6.1.0.4"
},
{
"status": "affected",
"version": "6.1.1"
},
{
"status": "affected",
"version": "6.1.1.1"
},
{
"status": "affected",
"version": "6.1.1.2"
},
{
"status": "affected",
"version": "6.1.1.3"
},
{
"status": "affected",
"version": "6.1.1.4"
},
{
"status": "affected",
"version": "6.1.1.5"
},
{
"status": "affected",
"version": "6.1.1.6"
},
{
"status": "affected",
"version": "6.1.1.7"
},
{
"status": "affected",
"version": "6.1.2"
},
{
"status": "affected",
"version": "6.1.1.8"
},
{
"status": "affected",
"version": "6.1.3"
},
{
"status": "affected",
"version": "6.1.3.1"
},
{
"status": "affected",
"version": "6.2"
},
{
"status": "affected",
"version": "6.2.0.1"
},
{
"status": "affected",
"version": "6.1.3.2"
},
{
"status": "affected",
"version": "6.2.0.2"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.1.1"
},
{
"status": "affected",
"version": "6.1.3.3"
},
{
"status": "affected",
"version": "6.2.1.2"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.2.1"
},
{
"status": "affected",
"version": "6.2.3.0"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.1.3.4"
},
{
"status": "affected",
"version": "6.1.3.5"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.1.3.6"
},
{
"status": "affected",
"version": "6.2.4.1"
},
{
"status": "affected",
"version": "6.2.4.2"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.5.1"
},
{
"status": "affected",
"version": "6.1.3.7"
},
{
"status": "affected",
"version": "6.1.3.8"
},
{
"status": "affected",
"version": "6.2.5.2"
},
{
"status": "affected",
"version": "6.2.6.0"
},
{
"status": "affected",
"version": "6.2.6.1"
},
{
"status": "affected",
"version": "6.2.7.0"
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-29T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376"
},
{
"name": "104289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104289"
},
{
"name": "ibm-ucd-cve20171752-info-disc(135547)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2017-1752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.1.0.2"
},
{
"version_value": "6.1"
},
{
"version_value": "6.1.0.1"
},
{
"version_value": "6.1.0.3"
},
{
"version_value": "6.1.0.4"
},
{
"version_value": "6.1.1"
},
{
"version_value": "6.1.1.1"
},
{
"version_value": "6.1.1.2"
},
{
"version_value": "6.1.1.3"
},
{
"version_value": "6.1.1.4"
},
{
"version_value": "6.1.1.5"
},
{
"version_value": "6.1.1.6"
},
{
"version_value": "6.1.1.7"
},
{
"version_value": "6.1.2"
},
{
"version_value": "6.1.1.8"
},
{
"version_value": "6.1.3"
},
{
"version_value": "6.1.3.1"
},
{
"version_value": "6.2"
},
{
"version_value": "6.2.0.1"
},
{
"version_value": "6.1.3.2"
},
{
"version_value": "6.2.0.2"
},
{
"version_value": "6.2.1"
},
{
"version_value": "6.2.1.1"
},
{
"version_value": "6.1.3.3"
},
{
"version_value": "6.2.1.2"
},
{
"version_value": "6.2.2"
},
{
"version_value": "6.2.2.1"
},
{
"version_value": "6.2.3.0"
},
{
"version_value": "6.2.3.1"
},
{
"version_value": "6.1.3.4"
},
{
"version_value": "6.1.3.5"
},
{
"version_value": "6.2.4"
},
{
"version_value": "6.1.3.6"
},
{
"version_value": "6.2.4.1"
},
{
"version_value": "6.2.4.2"
},
{
"version_value": "6.2.5"
},
{
"version_value": "6.2.5.1"
},
{
"version_value": "6.1.3.7"
},
{
"version_value": "6.1.3.8"
},
{
"version_value": "6.2.5.2"
},
{
"version_value": "6.2.6.0"
},
{
"version_value": "6.2.6.1"
},
{
"version_value": "6.2.7.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376"
},
{
"name": "104289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104289"
},
{
"name": "ibm-ucd-cve20171752-info-disc(135547)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1752",
"datePublished": "2018-05-25T14:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:52:55.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22358 (GCVE-0-2024-22358)
Vulnerability from cvelistv5
Published
2024-04-12 16:53
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148109 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/280896 | vdb-entry |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.20 Version: 7.1 ≤ 7.1.2.16 Version: 7.2 ≤ 7.2.3.9 Version: 7.3 ≤ 7.3.2.4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "devops_deploy",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "8.0.0.1",
"status": "affected",
"version": "8.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.0.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "urbancode_deploy",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "7.0.5.20",
"status": "affected",
"version": "7.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "urbancode_deploy",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "7.1.2.16",
"status": "affected",
"version": "7.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "urbancode_deploy",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "7.2.3.9",
"status": "affected",
"version": "7.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "urbancode_deploy",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "7.3.2.4",
"status": "affected",
"version": "7.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T18:35:29.067961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:37.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7148109"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280896"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.20",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.16",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.9",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.4",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.0.1",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:53:43.381Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148109"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280896"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy session fixation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22358",
"datePublished": "2024-04-12T16:53:43.381Z",
"dateReserved": "2024-01-08T23:42:36.758Z",
"dateUpdated": "2024-08-01T22:43:34.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54176 (GCVE-0-2024-54176)
Vulnerability from cvelistv5
Published
2025-02-08 16:15
Modified
2025-02-22 22:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7182840 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.25 Version: 7.1 ≤ 7.1.2.21 Version: 7.2 ≤ 7.2.3.14 Version: 7.3 ≤ 7.3.2.9 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T13:37:45.492103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:51:42.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.25",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.21",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.14",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.9",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.4",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0.0",
"status": "affected",
"version": "8.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
}
],
"value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-22T22:12:32.094Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7182840"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy missing authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-54176",
"datePublished": "2025-02-08T16:15:40.041Z",
"dateReserved": "2024-11-30T14:47:55.533Z",
"dateUpdated": "2025-02-22T22:12:32.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4202 (GCVE-0-2020-4202)
Vulnerability from cvelistv5
Published
2020-04-23 13:10
Modified
2024-09-16 21:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Gain Privileges
Summary
IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6195701 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/174955 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.3.0 Version: 7.0.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:00:07.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6195701"
},
{
"name": "ibm-ucd-cve20204202-priv-escalation (174955)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174955"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
}
]
}
],
"datePublic": "2020-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/S:U/AV:N/UI:N/C:L/A:L/I:L/PR:L/AC:H/RL:O/RC:C/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T13:10:23",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6195701"
},
{
"name": "ibm-ucd-cve20204202-priv-escalation (174955)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174955"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-04-21T00:00:00",
"ID": "CVE-2020-4202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "L",
"AC": "H",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6195701",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6195701 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6195701"
},
{
"name": "ibm-ucd-cve20204202-priv-escalation (174955)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174955"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4202",
"datePublished": "2020-04-23T13:10:23.439424Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T21:04:17.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22334 (GCVE-0-2024-22334)
Vulnerability from cvelistv5
Published
2024-04-12 16:41
Modified
2024-08-01 22:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7148112 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/279974 | vdb-entry |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.0 ≤ 7.0.5.20 Version: 7.1 ≤ 7.1.2.16 Version: 7.2 ≤ 7.2.3.9 Version: 7.3 ≤ 7.3.2.4 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T19:03:41.539321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:36.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7148112"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.0.5.20",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.2.16",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.9",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.4",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.0.1",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974."
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-12T16:41:15.797Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148112"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy improper privilege control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22334",
"datePublished": "2024-04-12T16:41:15.797Z",
"dateReserved": "2024-01-08T23:42:17.266Z",
"dateUpdated": "2024-08-01T22:43:34.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-4667 (GCVE-0-2019-4667)
Vulnerability from cvelistv5
Published
2020-05-11 17:20
Modified
2024-09-17 01:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6208076 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/171249 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 7.0.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:40:48.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6208076"
},
{
"name": "ibm-ucd-cve20194667-info-disc (171249)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.5.2"
}
]
}
],
"datePublic": "2020-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/S:U/PR:N/A:N/I:N/AC:H/UI:N/C:H/RC:C/RL:O/E:U",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T17:20:13",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6208076"
},
{
"name": "ibm-ucd-cve20194667-info-disc (171249)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-05-08T00:00:00",
"ID": "CVE-2019-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "7.0.5.2"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "H",
"I": "N",
"PR": "N",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6208076",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6208076 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6208076"
},
{
"name": "ibm-ucd-cve20194667-info-disc (171249)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2019-4667",
"datePublished": "2020-05-11T17:20:13.168556Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-17T01:46:22.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0364 (GCVE-0-2016-0364)
Vulnerability from cvelistv5
Published
2016-07-01 01:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg2C1000152 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:24.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-07-01T01:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000152",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0364",
"datePublished": "2016-07-01T01:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:24.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4483 (GCVE-0-2020-4483)
Vulnerability from cvelistv5
Published
2020-11-06 13:40
Modified
2024-09-16 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6360835 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/181857 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.3 Version: 7.0.3.0 Version: 7.0.4.0 Version: 6.2.7.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:07:49.006Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6360835"
},
{
"name": "ibm-ucd-cve20204483-info-disc (181857)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181857"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.3"
},
{
"status": "affected",
"version": "7.0.3.0"
},
{
"status": "affected",
"version": "7.0.4.0"
},
{
"status": "affected",
"version": "6.2.7.4"
}
]
}
],
"datePublic": "2020-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/PR:L/I:N/AC:L/C:L/AV:N/UI:N/S:U/A:N/RC:C/E:U/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-06T13:40:19",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6360835"
},
{
"name": "ibm-ucd-cve20204483-info-disc (181857)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181857"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2020-11-05T00:00:00",
"ID": "CVE-2020-4483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.3"
},
{
"version_value": "7.0.3.0"
},
{
"version_value": "7.0.4.0"
},
{
"version_value": "6.2.7.4"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6360835",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6360835 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6360835"
},
{
"name": "ibm-ucd-cve20204483-info-disc (181857)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181857"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2020-4483",
"datePublished": "2020-11-06T13:40:19.112204Z",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-09-16T18:39:30.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22366 (GCVE-0-2022-22366)
Vulnerability from cvelistv5
Published
2022-07-01 18:00
Modified
2024-09-16 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Obtain Information
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/6600065 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/221006 | vdb-entry, x_refsource_XF |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | UrbanCode Deploy |
Version: 6.2.7.15 Version: 7.0.5.10 Version: 7.1.2.6 Version: 7.2.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:54.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6600065"
},
{
"name": "ibm-ucd-cve202222366-info-disc (221006)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.2.7.15"
},
{
"status": "affected",
"version": "7.0.5.10"
},
{
"status": "affected",
"version": "7.1.2.6"
},
{
"status": "affected",
"version": "7.2.2.1"
}
]
}
],
"datePublic": "2022-06-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/C:H/UI:N/I:N/A:N/AV:N/PR:H/AC:L/S:U/E:U/RL:O/RC:C",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-01T18:00:24",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/pages/node/6600065"
},
{
"name": "ibm-ucd-cve202222366-info-disc (221006)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2022-06-30T00:00:00",
"ID": "CVE-2022-22366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UrbanCode Deploy",
"version": {
"version_data": [
{
"version_value": "6.2.7.15"
},
{
"version_value": "7.0.5.10"
},
{
"version_value": "7.1.2.6"
},
{
"version_value": "7.2.2.1"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "H",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/pages/node/6600065",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 6600065 (UrbanCode Deploy)",
"url": "https://www.ibm.com/support/pages/node/6600065"
},
{
"name": "ibm-ucd-cve202222366-info-disc (221006)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-22366",
"datePublished": "2022-07-01T18:00:24.317157Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-16T19:55:50.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-51472 (GCVE-0-2024-51472)
Vulnerability from cvelistv5
Published
2025-01-06 16:38
Modified
2025-08-27 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | DevOps Deploy |
Version: 8.0 ≤ 8.0.1.3 cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:devops_deploy:8.0.1.3:*:*:*:*:*:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-51472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T17:09:43.342273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:33:04.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.0.1.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.3",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2.3.13:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3.2.8:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.2.3.13",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.8",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.\u003c/span\u003e"
}
],
"value": "IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:38:11.973Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7177856"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-51472",
"datePublished": "2025-01-06T16:38:11.973Z",
"dateReserved": "2024-10-28T10:50:18.700Z",
"dateUpdated": "2025-08-27T21:33:04.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8900 (GCVE-0-2014-8900)
Vulnerability from cvelistv5
Published
2017-08-28 15:00
Modified
2024-08-06 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21695293 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/72900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:12.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293"
},
{
"name": "72900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293"
},
{
"name": "72900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2014-8900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293"
},
{
"name": "72900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2014-8900",
"datePublished": "2017-08-28T15:00:00",
"dateReserved": "2014-11-14T00:00:00",
"dateUpdated": "2024-08-06T13:33:12.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1998 (GCVE-0-2025-1998)
Vulnerability from cvelistv5
Published
2025-03-27 14:41
Modified
2025-09-01 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1
stores potentially sensitive authentication token information in log files that could be read by a local user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7229034 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | IBM | UrbanCode Deploy |
Version: 7.1 ≤ 7.1.2.21 Version: 7.2 ≤ 7.2.3.14 Version: 7.3 ≤ 7.3.2.9 cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:* |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T15:08:01.432262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T15:08:08.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:urbancode_deploy:7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.0.5.25:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.1.2.21:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.2.3.14:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:urbancode_deploy:7.3.2.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "UrbanCode Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.1.2.21",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.3.14",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3.2.9",
"status": "affected",
"version": "7.3",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.0.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DevOps Deploy",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "8.0.1.4",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003estores potentially sensitive authentication token information in log files that could be read by a local user.\u003c/span\u003e"
}
],
"value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nstores potentially sensitive authentication token information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:01:35.057Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7229034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1998",
"datePublished": "2025-03-27T14:41:56.148Z",
"dateReserved": "2025-03-05T16:10:35.455Z",
"dateUpdated": "2025-09-01T01:01:35.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2018-01-09 20:29
Modified
2024-11-21 03:21
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000367 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/102483 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128691 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000367 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102483 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128691 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA01FF4-83A4-48FA-B82B-7C7C230352FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9E7C93-6588-47B8-AED6-E5CF7F83E112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74E04841-5463-4246-AFEB-8DEDCACF4102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.201:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC97896-4190-4290-8176-00437F1E8864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA5D2B7-C228-4095-BD4F-E935175B4A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D704D2D-A935-4E01-8FCC-67150856BEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "10965BD8-F6EB-43D7-BFE9-CDB08A1E70CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "248B80C9-EF09-497E-8481-4BE687DF613D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E55B00-5117-4297-A17B-EEBD370D181B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADCBC87-4287-4646-9428-EDC2892EF2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E3178D-CE44-4F78-8D56-4F712D268E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A55891BF-C81C-4B02-A23A-9BB789B575A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC929A62-D0D0-4FBA-97EC-120DCAB8B943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D81D56D2-D22C-4CE7-AEE7-ADBA5743061C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03683053-D363-4F5D-AB6D-958D9F5B2195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31153960-56E6-4ADF-BE51-BC07D57D45B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "948D1BD4-C191-4039-962B-530C2B71DF77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 6.1 y 6.2 podr\u00eda permitir que un usuario autenticado edite objetos a los que no deber\u00eda tener acceso, debido a controles de acceso incorrectos. IBM X-Force ID: 128691."
}
],
"id": "CVE-2017-1493",
"lastModified": "2024-11-21T03:21:58.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-09T20:29:00.240",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102483"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-06 17:15
Modified
2025-06-20 18:09
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7177856 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7EAB3A-064E-4815-931B-87BC203E32B3",
"versionEndIncluding": "8.0.1.3",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9B8C275-D9C0-4C4F-8039-9E86E894FED8",
"versionEndIncluding": "7.2.3.13",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59D32AFE-8152-4417-868D-382DF5D3DD52",
"versionEndIncluding": "7.3.2.8",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.2 a 7.2.3.13, 7.3 a 7.3.2.8 e IBM DevOps Deploy 8.0 a 8.0.1.3 son vulnerables a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incorpore etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial."
}
],
"id": "CVE-2024-51472",
"lastModified": "2025-06-20T18:09:43.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-06T17:15:38.517",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7177856"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-04 14:15
Modified
2024-11-21 08:19
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7037230 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7037230 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "215A6CF7-48C2-43CF-BFF6-DCD7FD929302",
"versionEndIncluding": "7.1.2.12",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "188ECAF4-C4CA-46FC-9114-A896F2EC9B92",
"versionEndIncluding": "7.2.3.5",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D42E7FF1-C98A-4781-B966-17DCE2BDBF4D",
"versionEndIncluding": "7.3.2.0",
"versionStartIncluding": "7.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 7.1 - 7.1.2.12, 7.2 a 7.2.3.5 y 7.3 a 7.3.2.0 en determinadas configuraciones podr\u00eda permitir que un usuario autenticado realice cambios en las variables de entorno debido a controles de autenticaci\u00f3n inadecuados. ID de IBM X-Force: 263581."
}
],
"id": "CVE-2023-40376",
"lastModified": "2024-11-21T08:19:19.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-04T14:15:10.793",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263581"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7037230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7037230"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-06 17:15
Modified
2024-11-21 08:56
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/279971 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7114131 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/279971 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7114131 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | devops_deploy | 8.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0066D057-DE83-47B2-A15A-40DEA06A0E1A",
"versionEndExcluding": "7.0.5.20",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5E5893-943A-416E-8B15-8E12D96F7220",
"versionEndExcluding": "7.1.2.16",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11CA78A1-2DEF-4A93-8523-D99B9906C907",
"versionEndExcluding": "7.2.3.9",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6EF69-8B26-485C-869C-3AFB2C9B748D",
"versionEndExcluding": "7.3.2.4",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E8B66-737C-4046-872D-48ED6E13D0D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.19, 7.1 a 7.1.2.15, 7.2 a 7.2.3.8, 7.3 a 7.3.2.3 e IBM UrbanCode Deploy (UCD): IBM DevOps Deploy 8.0.0.0 podr\u00eda revelar informaci\u00f3n confidencial del usuario cuando instalar el agente de Windows. ID de IBM X-Force: 279971."
}
],
"id": "CVE-2024-22331",
"lastModified": "2024-11-21T08:56:04.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-06T17:15:10.740",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279971"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114131"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000229 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95290 | Technical Description, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000229 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95290 | Technical Description, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEE7852-A76C-4085-B14D-8BA67D825A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5A66AD80-303B-44B0-B773-701503F5B7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6082BBED-6184-4173-BF5A-5B536FADBB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "104066B9-7D5C-44FA-8745-DBD019761AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy podr\u00eda permitir a un usuario autenticado con acceso a los extremos REST acceder a las propiedades de la funci\u00f3n segura API y CLI getResource."
}
],
"id": "CVE-2016-6068",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:00.633",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95290"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190908 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6437565 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190908 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6437565 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.9 | |
| ibm | urbancode_deploy | 7.0.5.4 | |
| ibm | urbancode_deploy | 7.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5F5AE3F1-726A-4540-BF4D-8CF893AC839D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA08FD96-2B25-4CBF-9DBF-5A42F2F0A51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7BB82D-448E-4FF3-AB77-D9B69E12C81A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 190908."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.9, 7.0.5.4 y 7.1.1.1, almacena las credenciales de usuario en texto plano que puede leer un usuario local.\u0026#xa0;ID de IBM X-Force: 190908."
}
],
"id": "CVE-2020-4884",
"lastModified": "2024-11-21T05:33:22.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T16:15:14.897",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190908"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437565"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-21 01:15
Modified
2025-01-29 21:12
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7177857 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80511D31-6C51-4924-8A5B-6EBB0143D71A",
"versionEndExcluding": "7.0.5.25",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "155FEF34-86B4-4EF4-AFAD-FBE683C47A1F",
"versionEndExcluding": "7.1.2.21",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6443A5C-D341-4460-8002-786B754569A1",
"versionEndExcluding": "7.2.3.14",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.24, 7.1 a 7.1.2.10 y 7.2 a 7.2.3.13 almacena informaci\u00f3n potencialmente confidencial en archivos de registro que podr\u00edan ser le\u00eddos por un usuario local con acceso a los registros de solicitudes HTTP."
}
],
"id": "CVE-2024-45091",
"lastModified": "2025-01-29T21:12:41.107",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-21T01:15:07.890",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7177857"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-01 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D22F1E-6827-4343-BD5E-376710FF9A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy 6.0.x en versiones anteriores a 6.0.1.13, 6.1.x en versiones anteriores a 6.1.3.3 y 6.2.x en versiones anteriores a 6.2.1.1, cuando el artefacto en cach\u00e9 Codestation de agente de retransmision est\u00e1 habilitado, permite a atacantes remotos eludir autenticaci\u00f3n y obtener informaci\u00f3n sensible del artefacto a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0365",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-01T01:59:02.107",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000149"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/91526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91526"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-23 15:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/171250 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6195699 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/171250 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6195699 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF96AC74-01DA-49F1-A61D-F2A6730CBDB1",
"versionEndExcluding": "7.0.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versi\u00f3n 7.0.4.0, almacena las credenciales de usuario en texto plano que puede ser le\u00eddas por un usuario local. ID de IBM X-Force: 171250."
}
],
"id": "CVE-2019-4668",
"lastModified": "2024-11-21T04:43:57.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-23T15:15:12.637",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171250"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6195699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6195699"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-27 18:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/217955 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6575143 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/217955 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6575143 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F00130A-DFD7-405A-BE01-77FDD3034B92",
"versionEndExcluding": "6.2.7.15",
"versionStartIncluding": "6.2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F514156-DCCE-45DB-8E77-EB198945E877",
"versionEndExcluding": "7.0.5.10",
"versionStartIncluding": "7.0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2C74BC7-1508-42DC-AEA1-2D3013ED8302",
"versionEndExcluding": "7.1.2.6",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1F9365-4625-423D-A032-2D6908A819B4",
"versionEndExcluding": "7.2.2.1",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versi\u00f3n 7.2.2.1, podr\u00eda permitir a un usuario autenticado con permisos especiales obtener altos privilegios debido a un manejo inapropiado de permisos. IBM X-Force ID: 217955"
}
],
"id": "CVE-2022-22315",
"lastModified": "2024-11-21T06:46:37.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-27T18:15:07.727",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217955"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6575143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6575143"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-07-08 16:15
Modified
2024-11-21 06:01
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/200965 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6469941 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/200965 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6469941 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C38CD99-24EC-401C-A541-726E76F9367C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface. IBM X-Force ID: 200965."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1 y 7.1.1.2, podr\u00edan permitir a un usuario autenticado con determinados permisos iniciar una actualizaci\u00f3n de agente mediante la interfaz CLI. IBM X-Force ID: 200965"
}
],
"id": "CVE-2021-29711",
"lastModified": "2024-11-21T06:01:40.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-08T16:15:08.423",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200965"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6469941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/200965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6469941"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-06 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21964623 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21964623 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.0 | |
| ibm | urbancode_deploy | 6.0.1.0 | |
| ibm | urbancode_deploy | 6.0.1.1 | |
| ibm | urbancode_deploy | 6.0.1.2 | |
| ibm | urbancode_deploy | 6.0.1.3 | |
| ibm | urbancode_deploy | 6.0.1.4 | |
| ibm | urbancode_deploy | 6.0.1.5 | |
| ibm | urbancode_deploy | 6.0.1.6 | |
| ibm | urbancode_deploy | 6.0.1.7 | |
| ibm | urbancode_deploy | 6.0.1.8 | |
| ibm | urbancode_deploy | 6.0.1.9 | |
| ibm | urbancode_deploy | 6.1.1.0 | |
| ibm | urbancode_deploy | 6.1.1.1 | |
| ibm | urbancode_deploy | 6.1.1.2 | |
| ibm | urbancode_deploy | 6.1.1.3 | |
| ibm | urbancode_deploy | 6.1.1.4 | |
| ibm | urbancode_deploy | 6.1.1.5 | |
| ibm | urbancode_deploy | 6.1.1.6 | |
| ibm | urbancode_deploy | 6.1.1.7 | |
| ibm | urbancode_deploy | 6.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D22F1E-6827-4343-BD5E-376710FF9A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy 6.0 y 6.0.1.x en versiones anteriores a 6.0.1.10, 6.1.1.x en versiones anteriores a 6.1.1.8 y 6.1.2 escribe valores admin AUTH_TOKEN para ejecutar logs, lo que permite a usuarios remotos autenticados obtener privilegios mediante el aprovechamiento de la capacidad de crear y ejecutar un proceso."
}
],
"id": "CVE-2015-4964",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-06T01:59:10.283",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964623"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000218 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95975 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000218 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95975 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEE7852-A76C-4085-B14D-8BA67D825A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5A66AD80-303B-44B0-B773-701503F5B7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6082BBED-6184-4173-BF5A-5B536FADBB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "104066B9-7D5C-44FA-8745-DBD019761AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy podr\u00eda permitir a un atacante autenticado con permisos especiales crear una secuencia de comandos en el servidor de manera que los procesos se ejecuten en una m\u00e1quina de agente UCD remota."
}
],
"id": "CVE-2016-2942",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:00.337",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95975"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-08 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D22F1E-6827-4343-BD5E-376710FF9A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server\u0027s identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors."
},
{
"lang": "es",
"value": "Los agentes en IBM UrbanCode Deploy 6.x en versiones anteriores a 6.0.1.14, 6.1.x en versiones anteriores a 6.1.3.3 y 6.2.x en versiones anteriores a 6.2.1.1 no verifica la identidad de un servidor en una sesi\u00f3n JMS o una sesi\u00f3n HTTP, lo que permite a usuarios locales obtener acceso de root a agentes arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-0271",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-08T01:59:02.930",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000150"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-19 03:15
Modified
2024-11-21 08:22
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7096546 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/265512 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7096546 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "845BBD2F-F115-493B-862B-0B1E57A2CF17",
"versionEndExcluding": "7.1.2.15",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0831485-4FCF-47B5-9480-F03028E6CC85",
"versionEndExcluding": "7.2.3.8",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBAF5A7-B9AA-4335-B27B-DD9C109425BE",
"versionEndExcluding": "7.3.2.3",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. IBM X-Force ID: 265512."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 es vulnerable a la inyecci\u00f3n de HTML. Esta vulnerabilidad puede permitir que un usuario incruste etiquetas HTML arbitrarias en la interfaz de usuario web, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial. ID de IBM X-Force: 265512."
}
],
"id": "CVE-2023-42015",
"lastModified": "2024-11-21T08:22:06.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-19T03:15:07.950",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265512"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096546"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-01 18:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/221008 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6600067 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/221008 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6600067 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.15 | |
| ibm | urbancode_deploy | 7.0.5.10 | |
| ibm | urbancode_deploy | 7.1.2.6 | |
| ibm | urbancode_deploy | 7.2.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "97DC9BCE-80D6-4FC5-B1A2-C57C876655A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBDB8DF-AB55-4703-A71C-51D5482F2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE237B5-36EE-4F76-BD86-998152306768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8784E3A5-F31B-4646-8980-EF2C6BE59321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.15, 7.0.5.10, 7.1.2.6 y 7.2.2.1, podr\u00eda divulgar informaci\u00f3n confidencial de la base de datos a un usuario local en texto plano. IBM X-Force ID: 221008"
}
],
"id": "CVE-2022-22367",
"lastModified": "2024-11-21T06:46:42.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-01T18:15:08.673",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221008"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6600067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6600067"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000238 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95283 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000238 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95283 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEE7852-A76C-4085-B14D-8BA67D825A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5A66AD80-303B-44B0-B773-701503F5B7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6082BBED-6184-4173-BF5A-5B536FADBB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "104066B9-7D5C-44FA-8745-DBD019761AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy podr\u00eda permitir a un usuario malintencionado acceder a la interfaz Agente Relay ActiveMQ Broker JMX y ejecutar complementos en el agente."
}
],
"id": "CVE-2016-9008",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:01.150",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000238"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95283"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 17:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/218859 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6568551 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/218859 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6568551 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69386AE7-2C2B-4A34-8142-1D54B5641411",
"versionEndExcluding": "7.0.5.9",
"versionStartIncluding": "7.0.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83C4F99F-9715-457B-A334-85CB2635EEB2",
"versionEndExcluding": "7.1.2.5",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 7.0.5, 7.1.0, 7.1.1 y 7.1.2, usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. IBM X-Force ID: 218859"
}
],
"id": "CVE-2022-22327",
"lastModified": "2024-11-21T06:46:38.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T17:15:09.400",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218859"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6568551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/218859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6568551"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-01-01 05:59
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.0 | |
| ibm | urbancode_deploy | 6.0.1.0 | |
| ibm | urbancode_deploy | 6.0.1.1 | |
| ibm | urbancode_deploy | 6.0.1.2 | |
| ibm | urbancode_deploy | 6.0.1.3 | |
| ibm | urbancode_deploy | 6.0.1.4 | |
| ibm | urbancode_deploy | 6.0.1.5 | |
| ibm | urbancode_deploy | 6.0.1.6 | |
| ibm | urbancode_deploy | 6.0.1.7 | |
| ibm | urbancode_deploy | 6.0.1.8 | |
| ibm | urbancode_deploy | 6.0.1.9 | |
| ibm | urbancode_deploy | 6.0.1.10 | |
| ibm | urbancode_deploy | 6.0.1.11 | |
| ibm | urbancode_deploy | 6.1.1.0 | |
| ibm | urbancode_deploy | 6.1.1.1 | |
| ibm | urbancode_deploy | 6.1.1.2 | |
| ibm | urbancode_deploy | 6.1.1.3 | |
| ibm | urbancode_deploy | 6.1.1.4 | |
| ibm | urbancode_deploy | 6.1.1.5 | |
| ibm | urbancode_deploy | 6.1.1.6 | |
| ibm | urbancode_deploy | 6.1.1.7 | |
| ibm | urbancode_deploy | 6.1.1.8 | |
| ibm | urbancode_deploy | 6.1.2 | |
| ibm | urbancode_deploy | 6.1.3 | |
| ibm | urbancode_deploy | 6.1.3.1 | |
| ibm | urbancode_deploy | 6.2.0.0 | |
| ibm | urbancode_deploy | 6.2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D22F1E-6827-4343-BD5E-376710FF9A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en IBM UrbanCode Deploy 6.0 en versiones anteriores a 6.0.1.12, 6.1 en versiones anteriores a 6.1.3.2 y 6.2 en versiones anteriores a 6.2.0.2 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-7415",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-01T05:59:04.690",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970811"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-13 16:29
Modified
2024-11-21 03:21
Severity ?
Summary
Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/125147 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg2C1000377 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/125147 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg2C1000377 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05C24458-E25B-45D8-BBFE-FB730137EC3C",
"versionEndIncluding": "6.9.6.0",
"versionStartExcluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147."
},
{
"lang": "es",
"value": "La informaci\u00f3n sensible sobre la configuraci\u00f3n del servidor y la base de datos de IBM UrbanCode Deploy desde la versi\u00f3n 6.1 hasta la 6.9.6.0 puede ser obtenida por un usuario al que se le hayan otorgado permisos elevados en la interfaz de usuario, incluso despu\u00e9s de que dichos permisos elevados hayan sido revocados. IBM X-Force ID: 125147."
}
],
"id": "CVE-2017-1286",
"lastModified": "2024-11-21T03:21:38.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-13T16:29:00.370",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000377"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-11 18:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/171249 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6208076 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/171249 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6208076 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 7.0.5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A544EFBA-AC58-48D4-9252-7F165056EF6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versi\u00f3n 7.0.5.2, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial, causada por el fallo al habilitar apropiadamente HTTP Strict Transport Security. Un atacante podr\u00eda explotar esta vulnerabilidad para obtener informaci\u00f3n confidencial usando t\u00e9cnicas de tipo man in the middle. ID de IBM X-Force: 171249."
}
],
"id": "CVE-2019-4667",
"lastModified": "2024-11-21T04:43:56.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T18:15:11.670",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6208076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6208076"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-10 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy 6.1.0.2 anterior a IF1 permite a usuarios remotos autenticados leer las claves secretas del almac\u00e9n de claves a trav\u00e9s de una solicitud directa a una p\u00e1gina de la interfaz del usuario."
}
],
"id": "CVE-2014-6074",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-10T10:55:08.723",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683551"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/69640"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95726"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-20 00:15
Modified
2024-11-21 08:29
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9BA852-DB65-4E85-8F40-EAD6897A42C5",
"versionEndIncluding": "7.0.5.18",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D26A6175-309B-4841-8ED2-CAE52C56660D",
"versionEndIncluding": "7.1.2.14",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B06C8A89-2DB4-4A6D-BD31-8B2BA54218A2",
"versionEndIncluding": "7.2.3.7",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86E324E0-1439-4F6B-8768-96F384630CE7",
"versionEndIncluding": "7.3.2.2",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 puede manejar mal la validaci\u00f3n de entrada de un archivo cargado, lo que lleva a una denegaci\u00f3n de servicio debido al agotamiento de los recursos. ID de IBM X-Force: 270799."
}
],
"id": "CVE-2023-47161",
"lastModified": "2024-11-21T08:29:52.717",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-20T00:15:08.670",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270799"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096552"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-20 20:15
Modified
2024-11-21 07:31
Severity ?
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/242273 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6848897 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/242273 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6848897 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | 7.3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AC39F6-81EB-4612-BB0B-E054A7F086C9",
"versionEndIncluding": "6.2.7.18",
"versionStartIncluding": "6.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A02F4F2-E099-4EF5-9841-10A37F1EFEC4",
"versionEndIncluding": "7.0.5.13",
"versionStartIncluding": "7.0.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57133E67-CEDB-411B-BD2C-928ED4DEB0E5",
"versionEndIncluding": "7.1.2.9",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF7AEA5-EA8D-4560-AEAD-1A08F4FDB4A8",
"versionEndIncluding": "7.2.3.2",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD612A7-4801-47C9-A87D-DE7BDF75C793",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 242273.\n\n"
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 6.2.0.0 a 6.2.7.18, 7.0.5.0 a 7.0.5.13, 7.1.0.0 a 7.1.2.9, 7.2.0.0 a 7.2.3.2 y 7.3.0.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 242273."
}
],
"id": "CVE-2022-46771",
"lastModified": "2024-11-21T07:31:01.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-20T20:15:10.960",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/242273"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6848897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/242273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6848897"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-06 03:15
Modified
2025-01-29 16:15
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6967351 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/240148 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6967351 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AECF25C-0B07-44ED-A22A-C236A3162D3A",
"versionEndExcluding": "6.2.7.20",
"versionStartIncluding": "6.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C6A8986-EA96-4CC1-8996-492694ABB13B",
"versionEndExcluding": "7.0.5.15",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7400899E-E98C-4C32-BD86-2AF5422AE3C9",
"versionEndExcluding": "7.1.2.11",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC269C51-7E17-44BF-A6DF-0BD283C54818",
"versionEndExcluding": "7.2.3.4",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8635D735-B251-4DB6-AD25-1309EA0C4A74",
"versionEndExcluding": "7.3.1.0",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148."
}
],
"id": "CVE-2022-43877",
"lastModified": "2025-01-29T16:15:31.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-06T03:15:08.950",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240148"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6967351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6967351"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000222 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95974 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000222 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95974 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEE7852-A76C-4085-B14D-8BA67D825A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5A66AD80-303B-44B0-B773-701503F5B7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6082BBED-6184-4173-BF5A-5B536FADBB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "104066B9-7D5C-44FA-8745-DBD019761AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy podr\u00eda permitir a un usuario autenticado modificar objetos Ucd debido a que m\u00faltiples endpoints REST no autorizan adecuadamente a los usuarios la edici\u00f3n de objetos UCD. Esto podr\u00eda afectar el comportamiento de los procesos leg\u00edtimamente desencadenados."
}
],
"id": "CVE-2016-0320",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:00.243",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000222"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95974"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-27 15:15
Modified
2025-08-14 19:13
Severity ?
Summary
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1
stores potentially sensitive authentication token information in log files that could be read by a local user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7229034 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | devops_deploy | 8.1.0.0 | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
"versionEndExcluding": "8.0.1.5",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
"versionEndExcluding": "7.1.2.22",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
"versionEndExcluding": "7.2.3.15",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
"versionEndExcluding": "7.3.2.10",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 \n\nstores potentially sensitive authentication token information in log files that could be read by a local user."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2.0 / IBM DevOps Deploy versiones 8.0 a 8.0.1.4 y 8.1 a 8.1 almacenan informaci\u00f3n de token de autenticaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer."
}
],
"id": "CVE-2025-1998",
"lastModified": "2025-08-14T19:13:16.593",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-03-27T15:15:54.707",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7229034"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/191944 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6437567 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/191944 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6437567 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 7.0.3.0 | |
| ibm | urbancode_deploy | 7.0.4.0 | |
| ibm | urbancode_deploy | 7.0.5.3 | |
| ibm | urbancode_deploy | 7.0.5.4 | |
| ibm | urbancode_deploy | 7.1.0.0 | |
| ibm | urbancode_deploy | 7.1.1.0 | |
| ibm | urbancode_deploy | 7.1.1.1 | |
| ibm | urbancode_deploy | 7.1.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8CFC9C-03E2-44CE-A65A-DBD163BF864F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "066058E1-6FA5-4E57-849E-8D38F37D227A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DED646A-942B-4E87-A07D-AAD3C3BE9B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA08FD96-2B25-4CBF-9DBF-5A42F2F0A51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D95D1183-4340-41DF-970B-CDCB6E37CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64055BC1-21B4-42EB-B2B9-E81A1FE3241B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7BB82D-448E-4FF3-AB77-D9B69E12C81A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CE901B-91C6-425E-B3D4-DD7A626B9834",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2, stores keystore passwords in plain text after a manual edit, which can be read by a local user. IBM X-Force ID: 191944."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1 y 7.1.1.2, almacena las contrase\u00f1as del almac\u00e9n de claves en texto plano despu\u00e9s de un edit manual, que puede ser le\u00eddo por un usuario local. IBM X-Force ID: 191944."
}
],
"id": "CVE-2020-4944",
"lastModified": "2024-11-21T05:33:27.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T16:15:14.990",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191944"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/191944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437567"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-30 16:15
Modified
2024-11-21 05:33
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/190293 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6437573 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/190293 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6437573 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.9 | |
| ibm | urbancode_deploy | 7.0.5.4 | |
| ibm | urbancode_deploy | 7.1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5F5AE3F1-726A-4540-BF4D-8CF893AC839D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA08FD96-2B25-4CBF-9DBF-5A42F2F0A51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7BB82D-448E-4FF3-AB77-D9B69E12C81A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to initiate a plugin or compare process resources that they should not have access to. IBM X-Force ID: 190293."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.9, 7.0.5.4 y 7.1.1.1, podr\u00eda permitir a un usuario autenticado iniciar un plugin o comparar recursos del proceso a los que no deber\u00eda tener acceso.\u0026#xa0;IBM X-Force ID: 190293."
}
],
"id": "CVE-2020-4848",
"lastModified": "2024-11-21T05:33:19.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T16:15:14.773",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190293"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6437573"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000220 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95978 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000220 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95978 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEE7852-A76C-4085-B14D-8BA67D825A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5A66AD80-303B-44B0-B773-701503F5B7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6082BBED-6184-4173-BF5A-5B536FADBB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "104066B9-7D5C-44FA-8745-DBD019761AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy crea archivos temporales durante la ejecuci\u00f3n de pasos que podr\u00edan contener informaci\u00f3n sensible incluyendo contrase\u00f1as que podr\u00edan ser le\u00eddas por un usuario local."
}
],
"id": "CVE-2016-2941",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:00.307",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000220"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95978"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-25 18:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000289 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98026 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000289 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98026 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D22F1E-6827-4343-BD5E-376710FF9A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.201:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC97896-4190-4290-8176-00437F1E8864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 6.0, 6.1, y 6.2 es vulnerable a una denegaci\u00f3n de servicio, provocada por un error XML External Entity Injection (XXE) cuando procesa datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n altamente sensible o consumir todos los recursos de memoria disponibles. IBM X-Force ID: 122202."
}
],
"id": "CVE-2017-1149",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-25T18:59:00.167",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000289"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98026"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-29 16:15
Modified
2024-11-21 06:18
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/215693 | Broken Link, VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6576179 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/215693 | Broken Link, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6576179 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 7.0.3.4.1044170 | |
| ibm | urbancode_deploy | 7.0.4.1.1036185 | |
| ibm | urbancode_deploy | 7.0.4.2.1038002 | |
| ibm | urbancode_deploy | 7.0.4.3.1044169 | |
| ibm | urbancode_deploy | 7.0.5.0.1041488 | |
| ibm | urbancode_deploy | 7.0.5.1.1044461 | |
| ibm | urbancode_deploy | 7.0.5.2.1050384 | |
| ibm | urbancode_deploy | 7.1.0.0.1058690 | |
| ibm | urbancode_deploy | 7.1.0.1.1061360 | |
| ibm | urbancode_deploy | 7.1.0.1.ifix01.1062130 | |
| ibm | urbancode_deploy | 7.1.0.2.1063225 | |
| ibm | urbancode_deploy | 7.1.0.3.1069281 | |
| ibm | urbancode_deploy | 7.1.1.0.1073118 | |
| ibm | urbancode_deploy | 7.1.1.1.1074331 | |
| ibm | urbancode_deploy | 7.1.1.2.1090482 | |
| ibm | urbancode_deploy | 7.1.2.0.1100493 | |
| ibm | urbancode_deploy | 7.1.2.1.1104332 | |
| ibm | urbancode_deploy | 7.2.0.0.1109832 | |
| ibm | urbancode_deploy | 7.2.0.1.1114184 | |
| ibm | urbancode_deploy | 7.2.0.2.1116435 | |
| ibm | urbancode_deploy | 7.2.1.0.1123293 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.3.4.1044170:*:*:*:*:*:*:*",
"matchCriteriaId": "75E707C1-0F38-46CF-A9F9-71E786C1E513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.1.1036185:*:*:*:*:*:*:*",
"matchCriteriaId": "C77C75A2-0075-4D02-8006-D6A73084F7D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.2.1038002:*:*:*:*:*:*:*",
"matchCriteriaId": "BB879945-5793-462E-B4D9-1C5C57EF015A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.3.1044169:*:*:*:*:*:*:*",
"matchCriteriaId": "17E66571-C096-4842-A354-15B983AD6266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.0.1041488:*:*:*:*:*:*:*",
"matchCriteriaId": "C0DE5BE2-2E55-490C-8D3F-4ABDABC0F205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.1.1044461:*:*:*:*:*:*:*",
"matchCriteriaId": "07BE2519-7694-4612-BB9C-0BF899B76A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.2.1050384:*:*:*:*:*:*:*",
"matchCriteriaId": "770D8345-44C5-48DF-8F74-865E0155D0D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.0.0.1058690:*:*:*:*:*:*:*",
"matchCriteriaId": "C398510B-8381-4488-B99A-1F1C365D633A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.0.1.1061360:*:*:*:*:*:*:*",
"matchCriteriaId": "9DBFDC1E-02C4-433A-A5FE-7A65CC9579A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.0.1.ifix01.1062130:*:*:*:*:*:*:*",
"matchCriteriaId": "E58B96F9-5C53-4F63-87A2-348A96B671B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.0.2.1063225:*:*:*:*:*:*:*",
"matchCriteriaId": "85EFAA45-D454-44A0-8BD8-0B9527D0CD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.0.3.1069281:*:*:*:*:*:*:*",
"matchCriteriaId": "17EDE7F4-A63D-4CB0-A856-FFB8974F4B3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.0.1073118:*:*:*:*:*:*:*",
"matchCriteriaId": "951808A4-184E-494F-9287-BF131C857379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.1.1074331:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1BD8F5-F576-4272-A46F-BC31FF0FA001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.1.2.1090482:*:*:*:*:*:*:*",
"matchCriteriaId": "E9595657-9472-4F96-96FD-A3CC38A89D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.0.1100493:*:*:*:*:*:*:*",
"matchCriteriaId": "144CF629-71D8-4D68-AA2E-7FF3106F3F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.1.1104332:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6544A8-84F3-48BB-A7D1-37B27F4D7BF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.2.0.0.1109832:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED4C206-1343-4C03-9FD8-5D7CC43E694C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.2.0.1.1114184:*:*:*:*:*:*:*",
"matchCriteriaId": "1BECCA4D-51BB-4153-BF6B-58D2BCD38CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.2.0.2.1116435:*:*:*:*:*:*:*",
"matchCriteriaId": "89C34388-767E-450D-A753-FF0100F466FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.2.1.0.1123293:*:*:*:*:*:*:*",
"matchCriteriaId": "2E31C334-97F3-4A1A-ACC5-F05654123065",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versi\u00f3n 7.1.1.2, usa algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial"
}
],
"id": "CVE-2021-39082",
"lastModified": "2024-11-21T06:18:33.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-29T16:15:07.907",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215693"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6576179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/215693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6576179"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 17:17
Modified
2025-01-29 21:29
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EE6B16-69D2-4346-BA42-C2C802747BDC",
"versionEndExcluding": "8.0.1.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4B82-A3E1-4905-9372-1C95FE4A1AA1",
"versionEndExcluding": "7.0.5.21",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "015364EF-C0CE-408E-A2C5-3A011C689EAE",
"versionEndExcluding": "7.1.2.17",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF86D6F3-550E-4E89-83E8-014089803E4E",
"versionEndExcluding": "7.2.3.10",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11643F05-5EE8-420A-9DB6-FBED56E25BA4",
"versionEndExcluding": "7.3.2.5",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 no invalida la sesi\u00f3n despu\u00e9s del cierre de sesi\u00f3n, lo que podr\u00eda permitir un usuario autenticado para hacerse pasar por otro usuario en el sistema. ID de IBM X-Force: 280896."
}
],
"id": "CVE-2024-22358",
"lastModified": "2025-01-29T21:29:36.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-12T17:17:22.023",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280896"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148109"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-27 15:15
Modified
2025-08-14 01:58
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7229031 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | devops_deploy | 8.1.0.0 | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
"versionEndExcluding": "8.0.1.5",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A45F2EBB-0A41-4731-8F8B-62D9BE418D35",
"versionEndExcluding": "7.1.2.23",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A230C986-7C8F-427E-8190-C249E44AB782",
"versionEndExcluding": "7.2.3.16",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89A8087E-4FC6-42F1-89D6-C17095EFF772",
"versionEndExcluding": "7.3.2.11",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.22, 7.2 a 7.2.3.15 y 7.3 a 7.3.2.10 / IBM DevOps Deploy 8.0 a 8.0.1.5 y 8.1 a 8.1.0.1 podr\u00edan permitir el acceso no autorizado a otros servicios o la posible exposici\u00f3n de datos confidenciales debido a la falta de autenticaci\u00f3n en su servicio Agent Relay."
}
],
"id": "CVE-2024-56469",
"lastModified": "2025-08-14T01:58:37.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-03-27T15:15:53.960",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7229031"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-13 16:29
Modified
2024-11-21 03:22
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/135522 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=swg2C1000374 | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/135522 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=swg2C1000374 | Broken Link, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20731EEA-C0EE-4E84-AC10-7C10890110E1",
"versionEndIncluding": "6.9.6.0",
"versionStartIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy desde la versi\u00f3n 6.1 hasta la 6.9.6.0 podr\u00eda permitir que un atacante remoto salte directorios del sistema. Un atacante no autenticado podr\u00eda alterar las implementaciones de UCD. IBM X-Force ID: 135522."
}
],
"id": "CVE-2017-1749",
"lastModified": "2024-11-21T03:22:18.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-13T16:29:00.497",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135522"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=swg2C1000374"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-08 19:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.1 | |
| ibm | urbancode_deploy | 6.1.0.1 | |
| ibm | urbancode_deploy | 6.1.0.2 | |
| ibm | urbancode_deploy | 6.1.0.3 | |
| ibm | urbancode_deploy | 6.1.0.4 | |
| ibm | urbancode_deploy | 6.1.1 | |
| ibm | urbancode_deploy | 6.1.1.1 | |
| ibm | urbancode_deploy | 6.1.1.2 | |
| ibm | urbancode_deploy | 6.1.1.3 | |
| ibm | urbancode_deploy | 6.1.1.4 | |
| ibm | urbancode_deploy | 6.1.1.5 | |
| ibm | urbancode_deploy | 6.1.1.6 | |
| ibm | urbancode_deploy | 6.1.1.7 | |
| ibm | urbancode_deploy | 6.1.1.8 | |
| ibm | urbancode_deploy | 6.1.2 | |
| ibm | urbancode_deploy | 6.1.3 | |
| ibm | urbancode_deploy | 6.1.3.1 | |
| ibm | urbancode_deploy | 6.1.3.2 | |
| ibm | urbancode_deploy | 6.1.3.3 | |
| ibm | urbancode_deploy | 6.2.0.0 | |
| ibm | urbancode_deploy | 6.2.0.1 | |
| ibm | urbancode_deploy | 6.2.0.2 | |
| ibm | urbancode_deploy | 6.2.1 | |
| ibm | urbancode_deploy | 6.2.1.1 | |
| ibm | urbancode_deploy | 6.2.1.2 | |
| ibm | urbancode_deploy | 6.2.2 | |
| ibm | urbancode_deploy | 6.2.2.1 | |
| ibm | urbancode_deploy | 6.2.3.0 | |
| ibm | urbancode_deploy | 6.2.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6082BBED-6184-4173-BF5A-5B536FADBB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D704D2D-A935-4E01-8FCC-67150856BEB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "104066B9-7D5C-44FA-8745-DBD019761AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "248B80C9-EF09-497E-8481-4BE687DF613D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E55B00-5117-4297-A17B-EEBD370D181B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: C1000264."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy 6.1 y 6.2 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz web alterando as\u00ed la funcionalidad prevista potencialmente conduciendo a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza. Referencia IBM #: C1000264."
}
],
"id": "CVE-2016-9006",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-08T19:59:00.253",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000264"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/96757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96757"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-05 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181848 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6256128 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181848 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6256128 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.3 | |
| ibm | urbancode_deploy | 6.2.7.4 | |
| ibm | urbancode_deploy | 7.0.3.0 | |
| ibm | urbancode_deploy | 7.0.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "777A3E2E-A386-4E90-9F87-E7C1C5DF24A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7E5906-A151-4697-AD21-5B93E0A41E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8CFC9C-03E2-44CE-A65A-DBD163BF864F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "066058E1-6FA5-4E57-849E-8D38F37D227A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.3, 6.2.7.4, 7.0.3.0 y 7.0.4.0, es vulnerable a un ataque de Inyecci\u00f3n de XML External Entity (XXE) cuando se procesan datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. IBM X-Force ID: 181848"
}
],
"id": "CVE-2020-4481",
"lastModified": "2024-11-21T05:32:47.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-05T14:15:13.030",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181848"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6256128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6256128"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-17 17:15
Modified
2024-11-21 07:21
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID:
236601.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/236601 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6831907 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/236601 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6831907 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA3BB2D-933D-4B51-A5B5-61D8DAFEA2EF",
"versionEndExcluding": "6.2.7.18",
"versionStartIncluding": "6.2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCF85AC-CCBA-43AE-ABD5-D7AC4DB9028F",
"versionEndExcluding": "7.0.5.13",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DE5065B-D544-42CF-BE02-838895F359BD",
"versionEndExcluding": "7.1.2.9",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE857B9-3A5D-4ED1-9B24-A083CB55527C",
"versionEndExcluding": "7.2.3.2",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including \"Manage Security\" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches.\u00a0 IBM X-Force ID:\u00a0\u00a0\n\n236601."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.0 a 6.2.7.17, 7.0.0.0 a 7.0.5.12, 7.1.0.0 a 7.1.2.8 y 7.2.0.0 a 7.2.3.1 podr\u00eda permitir a un usuario con privilegios administrativos, incluido \"Manage Security\" Los permisos pueden recuperar una credencial previamente guardada para realizar b\u00fasquedas LDAP autenticadas. ID de IBM X-Force: 236601."
}
],
"id": "CVE-2022-40751",
"lastModified": "2024-11-21T07:21:59.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-17T17:15:11.217",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236601"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6831907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6831907"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-13 16:15
Modified
2024-11-21 04:43
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/171248 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/1138576 | Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/2325141 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/171248 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/1138576 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/2325141 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_build | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_build:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9380C59-F2C2-4A51-B594-8A8B48919C06",
"versionEndIncluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C174B9A-FACB-4B86-B21B-0A4046E59F22",
"versionEndIncluding": "7.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could allow a local user to obtain sensitive information by unmasking certain secure values in documents. IBM X-Force ID: 171248."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versi\u00f3n 7.0.3 e IBM UrbanCode Build versi\u00f3n 6.1.5, podr\u00edan permitir a un usuario local obtener informaci\u00f3n confidencial al desenmascarar determinados valores seguros en los documentos. ID de IBM X-Force: 171248."
}
],
"id": "CVE-2019-4666",
"lastModified": "2024-11-21T04:43:56.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-13T16:15:12.213",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171248"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1138576"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/2325141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/171248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/1138576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/2325141"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-01 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D22F1E-6827-4343-BD5E-376710FF9A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy 6.0.x en versiones anteriores a 6.0.1.13, 6.1.x en versiones anteriores a 6.1.3.3 y 6.2.x en versiones anteriores a 6.2.1.1 no implementa correctamente una caracter\u00edstica de ofuscaci\u00f3n de inicio de sesi\u00f3n para propiedades seguras, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores que involucran caracteres especiales."
}
],
"id": "CVE-2016-0364",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-01T01:59:01.153",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000152"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181858 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6337605 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181858 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6337605 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.3 | |
| ibm | urbancode_deploy | 6.2.7.4 | |
| ibm | urbancode_deploy | 7.0.3.0 | |
| ibm | urbancode_deploy | 7.0.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "777A3E2E-A386-4E90-9F87-E7C1C5DF24A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7E5906-A151-4697-AD21-5B93E0A41E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8CFC9C-03E2-44CE-A65A-DBD163BF864F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "066058E1-6FA5-4E57-849E-8D38F37D227A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.3, 6.2.7.4, 7.0.3.0 y 7.0.4.0, podr\u00eda divulgar informaci\u00f3n confidencial a un usuario autenticado que podr\u00eda ser usado en nuevos ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 181858"
}
],
"id": "CVE-2020-4484",
"lastModified": "2024-11-21T05:32:47.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T14:15:17.377",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181858"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6337605"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6337605"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 17:17
Modified
2025-01-29 21:27
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EE6B16-69D2-4346-BA42-C2C802747BDC",
"versionEndExcluding": "8.0.1.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4B82-A3E1-4905-9372-1C95FE4A1AA1",
"versionEndExcluding": "7.0.5.21",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "015364EF-C0CE-408E-A2C5-3A011C689EAE",
"versionEndExcluding": "7.1.2.17",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF86D6F3-550E-4E89-83E8-014089803E4E",
"versionEndExcluding": "7.2.3.10",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 podr\u00edan ser vulnerables a una revocaci\u00f3n incompleta de permisos al eliminar un tipo de recurso de seguridad. Al eliminar un tipo de seguridad personalizado, es posible que los permisos asociados de los objetos que usan ese tipo no se revoquen por completo. Esto podr\u00eda dar lugar a informes incorrectos de la configuraci\u00f3n de permisos y a la retenci\u00f3n de privilegios inesperados. ID de IBM X-Force: 279974."
}
],
"id": "CVE-2024-22334",
"lastModified": "2025-01-29T21:27:26.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-12T17:17:21.300",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148112"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-29 01:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49D22F1E-6827-4343-BD5E-376710FF9A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9BA86C9-0A31-4EBB-B73E-346D6C425988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 allows remote authenticated users to obtain sensitive cleartext secure-property information via (1) the server UI or (2) a database request."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy 6.0.x en versiones anteriores a 6.0.1.13, 6.1.x en versiones anteriores a 6.1.3.3 y 6.2.x en versiones anteriores a 6.2.1.1 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de propiedad segura en texto plano a trav\u00e9s de (1) el servidor UI o (2) una petici\u00f3n de base de datos."
}
],
"id": "CVE-2016-0267",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-29T01:59:04.887",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000151"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-20 00:15
Modified
2024-11-21 08:22
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B06C8A89-2DB4-4A6D-BD31-8B2BA54218A2",
"versionEndIncluding": "7.2.3.7",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86E324E0-1439-4F6B-8768-96F384630CE7",
"versionEndIncluding": "7.3.2.2",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. IBM X-Force ID: 265509."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy Agent 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 instalado como un servicio de Windows en una ubicaci\u00f3n no est\u00e1ndar podr\u00eda estar sujeto a un ataque de denegaci\u00f3n de servicio por parte de cuentas locales. ID de IBM X-Force: 265509."
}
],
"id": "CVE-2023-42012",
"lastModified": "2024-11-21T08:22:06.337",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-20T00:15:08.190",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265509"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096548"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-28 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg21695293 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/72900 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21695293 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/72900 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47BE87A3-E559-412F-B5A6-B5E6D6F5C47D",
"versionEndIncluding": "6.0.1.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67569689-35FF-4154-86D6-61FE56A00F17",
"versionEndIncluding": "6.1.0.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEECFD9-045C-4FFC-BBAE-9B44C8AFFAC5",
"versionEndIncluding": "6.1.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en IBM UrbanCode Release 6.0.1.6 y anteriores, 6.1.0.7 y anteriores y 6.1.1.1 y anteriores."
}
],
"id": "CVE-2014-8900",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-28T15:29:00.610",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21695293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/72900"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-25 14:29
Modified
2024-11-21 03:22
Severity ?
Summary
IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000376 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/104289 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/135547 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000376 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104289 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/135547 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB22FB2E-831E-41B4-AC40-F7564C80CC88",
"versionEndIncluding": "6.1.3.8",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "665BE1E1-B05E-4367-8332-3DCC0625CFEA",
"versionEndIncluding": "6.2.7.0",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileged user to obtain highly sensitive information. IBM X-Force ID: 135547."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy 6.1 y 6.2 podr\u00eda permitir que un usuario autenticado privilegiado obtenga informaci\u00f3n altamente sensible. IBM X-Force ID: 135547."
}
],
"id": "CVE-2017-1752",
"lastModified": "2024-11-21T03:22:18.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-25T14:29:00.277",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104289"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/135547"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-27 15:15
Modified
2025-08-14 19:13
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7229035 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | devops_deploy | 8.1.0.0 | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
"versionEndExcluding": "8.0.1.5",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79421241-7D68-4B82-A53D-A47986F05FE9",
"versionEndExcluding": "7.0.5.26",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
"versionEndExcluding": "7.1.2.22",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
"versionEndExcluding": "7.2.3.15",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
"versionEndExcluding": "7.3.2.10",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.25, 7.1 a 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2.0 / IBM DevOps Deploy 8.0 a 8.0.1.4 y 8.1 a 8.1 podr\u00edan permitir el acceso no autorizado a otros servicios o la posible exposici\u00f3n de datos confidenciales debido a la falta de autenticaci\u00f3n en su servicio Agent Relay."
}
],
"id": "CVE-2025-1997",
"lastModified": "2025-08-14T19:13:08.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-27T15:15:54.550",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7229035"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-01 11:15
Modified
2024-11-21 07:11
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/231360 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6608584 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/231360 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6608584 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B3E491-AA09-4E2E-A088-7BC67E342EC6",
"versionEndExcluding": "6.2.7.17",
"versionStartIncluding": "6.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C67394-0E36-4C5B-A021-CB34830250F8",
"versionEndExcluding": "7.0.5.12",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62BB01F4-907E-4A6A-A976-28B95EE0D335",
"versionEndExcluding": "7.1.2.8",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A01F33-D993-4AD9-818F-021D25D43CD8",
"versionEndExcluding": "7.2.3.1",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.0.0 hasta 6.2.7.16, 7.0.0 hasta 7.0.5.11, 7.1.0.0 hasta 7.1.2.7 y 7.2.0.0 hasta 7.2.3.0, podr\u00edan permitir a un usuario autenticado obtener informaci\u00f3n confidencial en algunos casos debido a una comprobaci\u00f3n de seguridad inapropiada. IBM X-Force ID: 231360"
}
],
"id": "CVE-2022-35716",
"lastModified": "2024-11-21T07:11:32.627",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-01T11:15:14.287",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231360"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6608584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/231360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6608584"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-23 15:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/174955 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6195701 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/174955 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6195701 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48333295-CCC6-4E13-AD5A-F2E9E67987CE",
"versionEndExcluding": "7.0.3.4",
"versionStartIncluding": "7.0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A50E3B0-A34B-45F9-A9D0-D809789E49CD",
"versionEndExcluding": "7.0.4.3",
"versionStartIncluding": "7.0.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 7.0.3.0 y 7.0.4.0, podr\u00eda permitir a un usuario autenticado suplantar a otro usuario si el servidor est\u00e1 configurado para habilitar Distributed Front End (DFE). ID de IBM X-Force: 174955."
}
],
"id": "CVE-2020-4202",
"lastModified": "2024-11-21T05:32:23.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-23T15:15:14.700",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174955"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6195701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6195701"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-20 00:15
Modified
2024-11-21 08:22
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9BA852-DB65-4E85-8F40-EAD6897A42C5",
"versionEndIncluding": "7.0.5.18",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D26A6175-309B-4841-8ED2-CAE52C56660D",
"versionEndIncluding": "7.1.2.14",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B06C8A89-2DB4-4A6D-BD31-8B2BA54218A2",
"versionEndIncluding": "7.2.3.7",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86E324E0-1439-4F6B-8768-96F384630CE7",
"versionEndIncluding": "7.3.2.2",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 265510."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.1 a 7.1.2.14, 7.2 a 7.2.3.7 y 7.3 a 7.3.2.2 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 265510."
}
],
"id": "CVE-2023-42013",
"lastModified": "2024-11-21T08:22:06.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-20T00:15:08.383",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265510"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7096547"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 15:14
Modified
2025-01-27 18:31
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/285654 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7150747 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/285654 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7150747 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EE6B16-69D2-4346-BA42-C2C802747BDC",
"versionEndExcluding": "8.0.1.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4B82-A3E1-4905-9372-1C95FE4A1AA1",
"versionEndExcluding": "7.0.5.21",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "015364EF-C0CE-408E-A2C5-3A011C689EAE",
"versionEndExcluding": "7.1.2.17",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF86D6F3-550E-4E89-83E8-014089803E4E",
"versionEndExcluding": "7.2.3.10",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11643F05-5EE8-420A-9DB6-FBED56E25BA4",
"versionEndExcluding": "7.3.2.5",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 y 8.0 a 8.0.0.1 es vulnerable a Cross Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 285654."
}
],
"id": "CVE-2024-28781",
"lastModified": "2025-01-27T18:31:09.747",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-14T15:14:41.887",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285654"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7150747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/285654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7150747"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 17:17
Modified
2025-01-29 21:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EE6B16-69D2-4346-BA42-C2C802747BDC",
"versionEndExcluding": "8.0.1.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4B82-A3E1-4905-9372-1C95FE4A1AA1",
"versionEndExcluding": "7.0.5.21",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "015364EF-C0CE-408E-A2C5-3A011C689EAE",
"versionEndExcluding": "7.1.2.17",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF86D6F3-550E-4E89-83E8-014089803E4E",
"versionEndExcluding": "7.2.3.10",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11643F05-5EE8-420A-9DB6-FBED56E25BA4",
"versionEndExcluding": "7.3.2.5",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 es vulnerable a informaci\u00f3n confidencial debido a una ofuscaci\u00f3n insuficiente de la informaci\u00f3n confidencial. valores de algunos archivos de registro. ID de IBM X-Force: 279979."
}
],
"id": "CVE-2024-22339",
"lastModified": "2025-01-29T21:27:46.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-12T17:17:21.647",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279979"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148113"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181857 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6360835 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181857 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6360835 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.3 | |
| ibm | urbancode_deploy | 6.2.7.4 | |
| ibm | urbancode_deploy | 7.0.3.0 | |
| ibm | urbancode_deploy | 7.0.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "777A3E2E-A386-4E90-9F87-E7C1C5DF24A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7E5906-A151-4697-AD21-5B93E0A41E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8CFC9C-03E2-44CE-A65A-DBD163BF864F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "066058E1-6FA5-4E57-849E-8D38F37D227A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181857."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.3, 6.2.7.4, 7.0.3.0 y 7.0.4.0, podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando un mensaje de error t\u00e9cnico detallado es devuelto en el navegador.\u0026#xa0;Esta informaci\u00f3n podr\u00eda ser usado en nuevos ataques contra el sistema.\u0026#xa0;IBM X-Force ID: 181857"
}
],
"id": "CVE-2020-4483",
"lastModified": "2024-11-21T05:32:47.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T14:15:17.300",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181857"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6360835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6360835"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-06 14:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/181856 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6337603 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/181856 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6337603 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.3 | |
| ibm | urbancode_deploy | 6.2.7.4 | |
| ibm | urbancode_deploy | 7.0.3.0 | |
| ibm | urbancode_deploy | 7.0.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "777A3E2E-A386-4E90-9F87-E7C1C5DF24A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7E5906-A151-4697-AD21-5B93E0A41E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8CFC9C-03E2-44CE-A65A-DBD163BF864F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "066058E1-6FA5-4E57-849E-8D38F37D227A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via direct rest calls. IBM X-Force ID: 181856."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.3, 6.2.7.4, 7.0.3.0 y 7.0.4.0, podr\u00eda permitir a un usuario autenticado omitir la seguridad.\u0026#xa0;Un usuario con acceso a un snapshot podr\u00eda aplicar estados adicionales no autorizados por medio de llamadas directas a rest.\u0026#xa0;IBM X-Force ID: 181856"
}
],
"id": "CVE-2020-4482",
"lastModified": "2024-11-21T05:32:47.407",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-06T14:15:17.207",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181856"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6337603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6337603"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-16 16:15
Modified
2024-11-21 05:32
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/175639 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6191655 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/175639 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6191655 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6532A364-39E6-493D-8F85-BAE29AFE5C73",
"versionEndExcluding": "6.2.7.7",
"versionStartIncluding": "6.2.7.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D117FBE0-7A50-48DA-9A51-FCEC53F2968D",
"versionEndIncluding": "7.0.5.0",
"versionStartIncluding": "7.0.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. IBM X-Force ID: 175639."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versi\u00f3n 7.0.5, podr\u00eda permitir a un usuario con permisos especiales obtener informaci\u00f3n confidencial por medio de procesos gen\u00e9ricos. IBM X-Force ID: 175639."
}
],
"id": "CVE-2020-4260",
"lastModified": "2024-11-21T05:32:28.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-16T16:15:13.427",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175639"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6191655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6191655"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-12 17:17
Modified
2025-01-29 21:29
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EE6B16-69D2-4346-BA42-C2C802747BDC",
"versionEndExcluding": "8.0.1.0",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDB4B82-A3E1-4905-9372-1C95FE4A1AA1",
"versionEndExcluding": "7.0.5.21",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "015364EF-C0CE-408E-A2C5-3A011C689EAE",
"versionEndExcluding": "7.1.2.17",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF86D6F3-550E-4E89-83E8-014089803E4E",
"versionEndExcluding": "7.2.3.10",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11643F05-5EE8-420A-9DB6-FBED56E25BA4",
"versionEndExcluding": "7.3.2.5",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.20, 7.1 a 7.1.2.16, 7.2 a 7.2.3.9, 7.3 a 7.3.2.4 e IBM DevOps Deploy 8.0 a 8.0.0.1 son vulnerables a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 280897."
}
],
"id": "CVE-2024-22359",
"lastModified": "2025-01-29T21:29:50.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-12T17:17:22.373",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280897"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/280897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7148111"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-01 18:15
Modified
2024-11-21 06:46
Severity ?
Summary
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/221006 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6600065 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/221006 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6600065 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.7.15 | |
| ibm | urbancode_deploy | 7.0.5.10 | |
| ibm | urbancode_deploy | 7.1.2.6 | |
| ibm | urbancode_deploy | 7.2.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "97DC9BCE-80D6-4FC5-B1A2-C57C876655A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.0.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBDB8DF-AB55-4703-A71C-51D5482F2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE237B5-36EE-4F76-BD86-998152306768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:7.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8784E3A5-F31B-4646-8980-EF2C6BE59321",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy (UCD) versiones 6.2.7.15, 7.0.5.10, 7.1.2.6 y 7.2.2.1, almacena credenciales de usuario en texto sin cifrar que puede leer un usuario local. IBM X-Force ID: 22106"
}
],
"id": "CVE-2022-22366",
"lastModified": "2024-11-21T06:46:42.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-01T18:15:08.623",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221006"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6600065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6600065"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-30 16:29
Modified
2024-11-21 02:41
Severity ?
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/112119 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/112119 | VDB Entry, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82634693-BA46-4AEA-861B-767C21445FF2",
"versionEndIncluding": "6.2.2.1",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy, desde la versi\u00f3n 6.0 hasta la 6.2.2.1 podr\u00eda permitir que un usuario autenticado lea informaci\u00f3n sensible debido a que los endpoints UCD REST no autorizan debidamente a los usuarios al determinar qui\u00e9n puede leer datos. IBM X-Force ID: 112119."
}
],
"id": "CVE-2016-0373",
"lastModified": "2024-11-21T02:41:34.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-30T16:29:00.557",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/112119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/112119"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-14 04:15
Modified
2025-08-18 18:14
Severity ?
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7182841 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | devops_deploy | 8.1.0.0 | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
"versionEndExcluding": "8.0.1.5",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79421241-7D68-4B82-A53D-A47986F05FE9",
"versionEndExcluding": "7.0.5.26",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
"versionEndExcluding": "7.1.2.22",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
"versionEndExcluding": "7.2.3.15",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
"versionEndExcluding": "7.3.2.10",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements."
},
{
"lang": "es",
"value": "IBM DevOps Deploy 8.0 a 8.0.1.4, 8.1 a 8.1.0.0 / IBM UrbanCode Deploy 7.0 a 7.0.5.25, 7.1 a 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2.9 podr\u00edan permitir que un atacante remoto autenticado y privilegiado ejecute comandos arbitrarios en el sistema mediante el env\u00edo de entradas especialmente manipuladas que contengan elementos especiales."
}
],
"id": "CVE-2024-55904",
"lastModified": "2025-08-18T18:14:40.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-02-14T04:15:08.753",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7182841"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-08 17:15
Modified
2025-08-15 12:33
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7182840 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | devops_deploy | * | |
| ibm | devops_deploy | 8.1.0.0 | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * | |
| ibm | urbancode_deploy | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D02CEF4-E668-46C3-B136-9FBB0D1F1B65",
"versionEndExcluding": "8.0.1.5",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:devops_deploy:8.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD6AB40-6302-4B11-809C-907ABBEDF7DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79421241-7D68-4B82-A53D-A47986F05FE9",
"versionEndExcluding": "7.0.5.26",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5225DF4D-BDFD-4ECE-843E-6E51B00D0DCD",
"versionEndExcluding": "7.1.2.22",
"versionStartIncluding": "7.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19CB1BD1-C6C2-4B72-9FF2-6463F76E8E5F",
"versionEndExcluding": "7.2.3.15",
"versionStartIncluding": "7.2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB1D16B-E73A-4004-AD8D-B1E8238CA502",
"versionEndExcluding": "7.3.2.10",
"versionStartIncluding": "7.3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function."
},
{
"lang": "es",
"value": "IBM DevOps Deploy 8.0 a 8.0.1.4, 8.1 a 8.1.0.0 e IBM UrbanCode Deploy (UCD) 7.0 a 7.0.5.25, 7.1 a 7.1.2.21, 7.2 a 7.2.3.14 y 7.3 a 7.3.2 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n confidencial sobre otros usuarios en el sistema debido a la falta de autorizaci\u00f3n para una funci\u00f3n."
}
],
"id": "CVE-2024-54176",
"lastModified": "2025-08-15T12:33:18.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-08T17:15:21.643",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7182840"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-01 11:59
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/92870 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92870 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | urbancode_deploy | 6.2.0.0 | |
| ibm | urbancode_deploy | 6.2.0.1 | |
| ibm | urbancode_deploy | 6.2.0.2 | |
| ibm | urbancode_deploy | 6.2.0.201 | |
| ibm | urbancode_deploy | 6.2.1 | |
| ibm | urbancode_deploy | 6.2.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.201:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC97896-4190-4290-8176-00437F1E8864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM UrbanCode Deploy 6.2.x en versiones anteriores a 6.2.1.2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-2994",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-01T11:59:03.807",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg2C1000177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92870"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-02-01 22:59
Modified
2025-04-20 01:37
Severity ?
Summary
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg2C1000237 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/95289 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg2C1000237 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95289 | Third Party Advisory, VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEE7852-A76C-4085-B14D-8BA67D825A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35B3347-EE12-4E84-92D9-533DA7F1581E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32C10FFF-250A-4530-B631-1B1DAA3B4BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE176DE5-BB60-4999-A2B4-D93C8AB776DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "751113D0-7085-4AE7-8F39-292293F297FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "31217ED6-C154-49CF-BD65-C272D630F58A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1F69D247-B168-40EC-BA4B-1C50879B64BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C822B4AB-4032-4BEB-A413-A80398A28EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FF310F06-6674-470E-B258-4DF042B1FA68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF92016-8494-4EBE-A32F-A123C1517F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "744A36AB-5BC8-4FE1-BB91-9BC3019EBB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A4535B6A-0791-4855-BED4-01A8279F4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C108D461-F391-491B-B1B4-AEB3155C2196",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5A66AD80-303B-44B0-B773-701503F5B7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8BEEC-5F93-424B-94F6-622B9BA84CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE72929-3618-4341-83DC-E4A006EE3D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F59AC6D5-1F06-4EC4-BD36-6FA5221AE611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7ED1843-E659-4931-8E08-8867D4286A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6082BBED-6184-4173-BF5A-5B536FADBB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70E082B0-B404-4E5E-9FC7-2B0B6F363A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "054A3ED4-290A-484D-9F51-93A71968CAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5B4753-3685-4088-A4B1-C4AE58C11F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32732445-6761-40F0-836B-E7EAC9B9239B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8034DC-C20D-4972-AFBA-D3EBF8664164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5409F075-5268-476E-BEFE-2B93C8BB2870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F43800F6-328E-4481-B6AE-44A50F368314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3BCD23-4033-443D-B2D5-CAF69FCD22D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1A72039-925C-48AE-8012-BA6AEE659D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "57A488B1-1221-46C4-B97D-B895368E3A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFD390D-531E-4BC7-B9D4-74208E153F20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93406315-DD19-45E5-84EE-B5D8F0A903D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C970147-39E9-4CCC-9FDE-B70546941323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61F991AF-CD34-4307-85B0-58107E4CE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "104066B9-7D5C-44FA-8745-DBD019761AC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "456DB48D-39E4-4F66-BEC4-1B7B135214BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer\u0027s production applications."
},
{
"lang": "es",
"value": "IBM UrbanCode Deploy podr\u00eda permitir que un usuario ejecute c\u00f3digo usando una carga de archivo especialmente creada que reemplazar\u00eda el c\u00f3digo en el servidor. Este c\u00f3digo podr\u00eda ejecutarse en las m\u00e1quinas de agente UCD que alojan las aplicaciones de producci\u00f3n del cliente."
}
],
"id": "CVE-2016-8938",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T22:59:00.977",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg2C1000237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95289"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}