IBM2382092D645141C0E5E47858B4A22AFDB4D6588A900DCD7FB6567FABB0A0D57ESecurity Bulletin: IBM UrbanCode Deploy (UCD) under certain configurations could allow an authenticated user to make changes to environment template due to improper authentication controls.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
13.1%
Summary
IBM UrbanCode Deploy (UCD) under certain configurations could allow an authenticated user to make changes to environment template due to improper authentication controls CVE-2023-40376
Vulnerability Details
CVEID:CVE-2023-40376
**DESCRIPTION:**IBM UrbanCode Deploy (UCD) under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/263581 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| UCD - IBM UrbanCode Deploy | 7.1 - 7.1.2.12 |
| UCD - IBM UrbanCode Deploy | 7.2 - 7.2.3.5 |
| UCD - IBM UrbanCode Deploy | 7.3 - 7.3.2.0 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading.
Upgrade to any of 7.1.2.13, 7.2.3.6, or 7.3.2.1 or later
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | urbancode_deploy | 7.3.2.0 | cpe:2.3:a:ibm:urbancode_deploy:7.3.2.0:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
13.1%