Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7B7B8903463A12899F9553E5CDD407B1F42FA2A223BC8EB926D62A4EB52D7ED8
HistoryJul 30, 2021 - 5:02 a.m.

Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission.

2021-07-3005:02:32
www.ibm.com
12
cve-2021-29711
agent upgrade
inconsistent permission
cli interface
ibm urbancode deploy
upgrade
6.2.7.11
7.0.5.6
7.1.2.2
7.2.0.0

EPSS

0.001

Percentile

19.6%

JSON

Summary

Security Bulletin: CVE-2021-29711 Agent Upgrade through CLI requires inconsistent permission set with UI.

Vulnerability Details

CVEID:CVE-2021-29711
**DESCRIPTION:**IBM UrbanCode Deploy (UCD) could allow an authenticated user with certain permissions to initiate an agent upgrade through the CLI interface.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
UCD - IBM UrbanCode Deploy 7.1.1.1
UCD - IBM UrbanCode Deploy 7.0.5.3
UCD - IBM UrbanCode Deploy 7.1.1.2
UCD - IBM UrbanCode Deploy 7.1.1.0
UCD - IBM UrbanCode Deploy 7.1.0.0
UCD - IBM UrbanCode Deploy 7.0.5.4
UCD - IBM UrbanCode Deploy 6.2.7.4
UCD - IBM UrbanCode Deploy 6.2.7.3
UCD - IBM UrbanCode Deploy 6.2.7.8
UCD - IBM UrbanCode Deploy 7.0.4.0
UCD - IBM UrbanCode Deploy 6.2.7.9
UCD - IBM UrbanCode Deploy 7.0.3.0
UCD - IBM UrbanCode Deploy All

Remediation/Fixes

Upgrade to 6.2.7.11, 7.0.5.6, 7.1.2.2, 7.2.0.0

https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=6.2.7.11-IBM-UrbanCode-Deploy
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.0.5.6-IBM-UrbanCode-Deploy
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.1.2.2-IBM-UrbanCode-Deploy
https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%7ERational&product=ibm/Rational/IBM+UrbanCode+Deploy&function=fixId&fixids=7.2.0.0-IBM-UrbanCode-Deploy

Workarounds and Mitigations

None

Related

prion 1
nvd 1
cnvd 1
cvelist 1
cve 1
prion
prion
Code injection
2021-07-08 16:15:00
nvd
nvd
CVE-2021-29711
2021-07-08 16:15:08
cnvd
cnvd
IBM UrbanCode Deploy has an unspecified vulnerability
2021-07-09 00:00:00
cvelist
cvelist
CVE-2021-29711
2021-07-08 16:10:11
cve
cve
CVE-2021-29711
2021-07-08 16:15:08

EPSS

0.001

Percentile

19.6%

JSON
Related for 7B7B8903463A12899F9553E5CDD407B1F42FA2A223BC8EB926D62A4EB52D7ED8
prion1nvd1cnvd1cvelist1cve1