Jun 17, 2018 - 10:33 p.m.

Security Bulletin: API and CLI getResource expose secured role properties (CVE-2016-6068)

www.ibm.com

EPSS: 0.001 (percentile: 41.8%)

Summary

IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.

Vulnerability Details

CVEID: CVE-2016-6068
DESCRIPTION: IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117400 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.0.1.13, 6.0.1.14, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.1.3.3, 6.2.0.0, 6.2.0.1, 6.2.0.2, 6.2.1, 6.2.1.1, 6.2.2, 6.2.2.1 on all supported platforms.

Remediation/Fixes

For IBM UrbanCode Deploy versions 6.2 through 6.2.2.1, upgrade to IBM UrbanCode Deploy 6.2.3.

For IBM UrbanCode Deploy versions 6.1 to 6.1.3.3, upgrade the server to IBM UrbanCode Deploy 6.1.3.4.

For IBM UrbanCode Deploy versions 6.0 to 6.0.1.14, upgrade the server to IBM UrbanCode Deploy 6.0.1.15.
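
An added example (not part of IBM's bulletin): a Python check that maps installed UrbanCode Deploy server versions to the fixed release named above, comparing version components numerically so that 6.0.1.10 sorts after 6.0.1.9 and 6.2 equals 6.2.0.0. The hostnames and inventory are constructed, the function names are hypothetical, and versions outside the three ranges return None because this bulletin says nothing about them.

```python
# Added example: triage an inventory of IBM UrbanCode Deploy server versions
# against the ranges in this bulletin's Remediation/Fixes section.
from itertools import zip_longest

# (first affected, last affected, fixed release), taken from the bulletin text.
FIX_RANGES = [
    ("6.0", "6.0.1.14", "6.0.1.15"),
    ("6.1", "6.1.3.3", "6.1.3.4"),
    ("6.2", "6.2.2.1", "6.2.3"),
]

def parse(version):
    """Turn '6.0.1.10' into (6, 0, 1, 10); reject anything non-numeric."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(p) for p in parts)

def compare(a, b):
    """Numeric compare with zero padding: 6.2 == 6.2.0.0, 6.0.1.10 > 6.0.1.9."""
    for x, y in zip_longest(parse(a), parse(b), fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def required_upgrade(version):
    """Return the fixed release for a version in a listed range, else None."""
    for low, high, fixed in FIX_RANGES:
        if compare(low, version) <= 0 and compare(version, high) <= 0:
            return fixed
    return None

def triage(inventory):
    """Map host -> fixed release for every host inside a listed range."""
    return {host: fix for host, ver in inventory.items()
            if (fix := required_upgrade(ver)) is not None}

if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {"ucd-prod": "6.2.0.0", "ucd-test": "6.0.1.10",
              "ucd-dr": "6.1.3.4", "ucd-lab": "6.2.3"}
    for host, fix in sorted(triage(sample).items()):
        print(f"{host}: upgrade server to {fix}")
```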

Workarounds and Mitigations

None
