IBM DevOps Deploy and IBM UrbanCode Deploy Access Control Error Vulnerability

2024-04-1600:00:00

China National Vulnerability Database

www.cnvd.org.cn

ibm

devops

deploy

urbancode

access control

vulnerability

misreporting

privileges

exploited

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

IBM UrbanCode Deploy (UCD) is a set of application automation deployment tools from International Business Machines (IBM). The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, such as automated deployment. An access control error vulnerability exists in IBM DevOps Deploy and IBM UrbanCode Deploy, which can be exploited by an attacker to cause misreporting of privilege configurations and retain unexpected privileges.

CPENameOperatorVersion
ibm urbancode deploy (ucd) >=7.0，<=7.eq0.5.20
ibm urbancode deploy (ucd) >=7.1，<=7.eq1.2.16
ibm urbancode deploy (ucd) >=7.2，<=7.eq2.3.9
ibm urbancode deploy (ucd) >=7.3，<=7.eq3.2.4
ibm devops deploy >=8.0，<=8.eq0.0.1

Name	Operator	Version
ibm urbancode deploy (ucd) >=7.0，<=7.	eq	0.5.20
ibm urbancode deploy (ucd) >=7.1，<=7.	eq	1.2.16
ibm urbancode deploy (ucd) >=7.2，<=7.	eq	2.3.9
ibm urbancode deploy (ucd) >=7.3，<=7.	eq	3.2.4
ibm devops deploy >=8.0，<=8.	eq	0.0.1