Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB63A9170348C33676D26272435E5F93A07C0353A787879F2D259FAF26AAF0BD1
HistoryMay 09, 2024 - 8:05 p.m.

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)

2024-05-0920:05:16
www.ibm.com
11
ibm
urbancode deploy
cross-site scripting
vulnerability
cve-2024-28781
web ui
credentials disclosure
upgrade
devops deploy

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Summary

IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vulnerability Details

CVEID:CVE-2024-28781
**DESCRIPTION:**IBM UrbanCode Deploy (UCD) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
UCD - IBM UrbanCode Deploy 7.0 - 7.0.5.20
UCD - IBM UrbanCode Deploy 7.1 - 7.1.2.16
UCD - IBM UrbanCode Deploy 7.2 - 7.2.3.9
UCD - IBM UrbanCode Deploy 7.3 - 7.3.2.4
UCD - IBM DevOps Deploy 8.0 - 8.0.0.1

Remediation/Fixes

IBM strongly suggests the following:

Upgrade affected versions to any of 7.0.5.21, 7.1.2.17, 7.2.3.10, 7.3.2.5, or 8.0.1.0 or later

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmurbancode_deployMatch8.0
VendorProductVersionCPE
ibmurbancode_deploy8.0cpe:2.3:a:ibm:urbancode_deploy:8.0:*:*:*:*:*:*:*

Related

nvd 1
cvelist 1
cve 1
nvd
nvd
CVE-2024-28781
2024-05-14 15:14:41
cvelist
cvelist
CVE-2024-28781 IBM UrbanCode Deploy cross-site scripting
2024-05-10 15:49:35
cve
cve
CVE-2024-28781
2024-05-14 15:14:41

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for B63A9170348C33676D26272435E5F93A07C0353A787879F2D259FAF26AAF0BD1
nvd1cvelist1cve1