Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission set with UI.
CVEID:CVE-2021-29711
**DESCRIPTION:**IBM UrbanCode Deploy (UCD) could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
UCD - IBM UrbanCode Deploy | 7.1.1.1 |
UCD - IBM UrbanCode Deploy | 7.0.5.3 |
UCD - IBM UrbanCode Deploy | 7.1.1.2 |
UCD - IBM UrbanCode Deploy | 7.1.1.0 |
UCD - IBM UrbanCode Deploy | 7.1.0.0 |
UCD - IBM UrbanCode Deploy | 7.0.5.4 |
UCD - IBM UrbanCode Deploy | 6.2.7.4 |
UCD - IBM UrbanCode Deploy | 6.2.7.3 |
UCD - IBM UrbanCode Deploy | 6.2.7.8 |
UCD - IBM UrbanCode Deploy | 7.0.4.0 |
UCD - IBM UrbanCode Deploy | 6.2.7.9 |
UCD - IBM UrbanCode Deploy | 7.0.3.0 |
UCD - IBM UrbanCode Deploy | All |
Upgrade to 6.2.7.11, 7.0.5.6, 7.1.2.2, 7.2.0.0
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=6.2.7.11-IBM-UrbanCode-Deploy
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.6-IBM-UrbanCode-Deploy
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.2-IBM-UrbanCode-Deploy
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.2.0.0-IBM-UrbanCode-Deploy
None