Lucene search
IBM8169D42E16BAA1A909614FA1B85CA863D981C13C98450CCB0C02F1889DDE9A87HistoryJun 08, 2021 - 9:47 p.m.
Security Bulletin: IBM UrbanCode Deploy (UCD) stores keystore passwords in plain after a manuel edit, which can be read by a local user.
2021-06-0821:47:40
www.ibm.com
62
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM UrbanCode Deploy (UCD) leaves a keystore passwords in plain text after a manual edit, which may be read by a local user.
Vulnerability Details
CVEID:CVE-2020-4944
**DESCRIPTION:**IBM UrbanCode Deploy (UCD) stores keystore passwords in plain in plain text after a manuel edit, which can be read by a local user.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191944 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| UCD - IBM UrbanCode Deploy | 7.1.0.0 |
| UCD - IBM UrbanCode Deploy | 7.0.5.2 |
| UCD - IBM UrbanCode Deploy | 7.0.4.0 |
| UCD - IBM UrbanCode Deploy | 7.0.3.0 |
Remediation/Fixes
Update to 7.1.0.1 or 7.0.5.3 to ensure any manual plain-text value found is encrypted upon start up
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm urbancode deploy | eq | 7.1.1.1 |
Related
cve
cve
CVE-2020-4944
2021-03-30 16:15:14
cvelist
cvelist
CVE-2020-4944
2021-03-29 00:00:00
nvd
nvd
CVE-2020-4944
2021-03-30 16:15:14
prion
prion
Code injection
2021-03-30 16:15:00
0.0004 Low
EPSS
Percentile
5.1%
Related for 8169D42E16BAA1A909614FA1B85CA863D981C13C98450CCB0C02F1889DDE9A87