History: Jun 17, 2018 - 10:33 p.m.

Security Bulletin: Multiple UCD REST endpoints allow unauthorized users to view data (CVE-2016-0373)

2018-06-17 22:33:17
www.ibm.com
EPSS: 0.001
Percentile: 18.2%

Summary

IBM UrbanCode Deploy could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data.

Vulnerability Details

CVEID: CVE-2016-0373
DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112119 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.0.1.13, 6.0.1.14, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.1.3.3, 6.2.0.0, 6.2.0.1, 6.2.0.2, 6.2.1, 6.2.1.1, 6.2.2, 6.2.2.1 on all supported platforms.

Remediation/Fixes

For IBM UrbanCode Deploy versions 6.2 through 6.2.2.1, upgrade to IBM UrbanCode Deploy 6.2.3.

For IBM UrbanCode Deploy versions 6.1 to 6.1.3.3, upgrade the server to IBM UrbanCode Deploy 6.1.3.4.

Workarounds and Mitigations

None