Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM47A8C7CB606E0CC4E5D4CDA638BF8F3CF57FB44985075EFC4C0E21712E641E2E
HistoryDec 13, 2023 - 10:00 p.m.

Security Bulletin: IBM UrbanCode Deploy (UCD) could allow a remote attacker to obtain sensitive information (CVE-2023-42013)

2023-12-1322:00:21
www.ibm.com
5
ibm
urbancode deploy
ucd
remote attacker
sensitive information
cve-2023-42013
vulnerability
browser
attacks
system
security
fix
upgrade

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

Summary

IBM UrbanCode Deploy (UCD) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Vulnerability Details

CVEID:CVE-2023-42013
**DESCRIPTION:**IBM UrbanCode Deploy (UCD) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/265510 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
UCD - IBM UrbanCode Deploy 7.0 - 7.0.5.18
UCD - IBM UrbanCode Deploy 7.1 - 7.1.2.14
UCD - IBM UrbanCode Deploy 7.2 - 7.2.3.7
UCD - IBM UrbanCode Deploy 7.3 - 7.3.2.2

Remediation/Fixes

IBM strongly suggests the following:

Upgrade affected versions to any of 7.0.5.19, 7.1.2.15, 7.2.3.8, 7.3.2.3, or 8.0.0.0 or later

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmurbancode_deployMatch8.0.0.0
CPENameOperatorVersion
ibm urbancode deployeq8.0.0.0

Related

cve 1
prion 1
nvd 1
cnvd 1
cvelist 1
cve
cve
CVE-2023-42013
2023-12-20 00:15:08
prion
prion
Information disclosure
2023-12-20 00:15:00
nvd
nvd
CVE-2023-42013
2023-12-20 00:15:08
cnvd
cnvd
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2023-10015958)
2023-12-21 00:00:00
cvelist
cvelist
CVE-2023-42013 IBM UrbanCode Deploy information disclosure
2023-12-19 23:47:11

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON
Related for 47A8C7CB606E0CC4E5D4CDA638BF8F3CF57FB44985075EFC4C0E21712E641E2E
cve1prion1nvd1cnvd1cvelist1