IBMCF21A072BB0F71C97601632CC719B53ADD24C86DF288116FFF0E14B97416DC8ASecurity Bulletin: Pre-processing and post-processing scripts can access the entire domain model of server or agent (CVE-2016-2942)
0.001 Low
EPSS
Percentile
35.5%
Summary
IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.
Vulnerability Details
CVEID: CVE-2016-2942**
DESCRIPTION:** IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine.
CVSS Base Score: 6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113584 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
Affected Products and Versions
IBM UrbanCode Deploy 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.0.1.7, 6.0.1.8, 6.0.1.9, 6.0.1.10, 6.0.1.11, 6.0.1.12, 6.0.1.13, 6.0.1.14, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.1.1.6, 6.1.1.7, 6.1.1.8, 6.1.2, 6.1.3, 6.1.3.1, 6.1.3.2, 6.1.3.3, 6.2.0.0, 6.2.0.1, 6.2.0.2, 6.2.1, 6.2.1.1, 6.2.2, 6.2.2.1 on all supported platforms.
Remediation/Fixes
For IBM UrbanCode Deploy versions 6.2 through 6.2.2.1, upgrade to IBM UrbanCode Deploy 6.2.3.
For IBM UrbanCode Deploy versions 6.0 to 6.1.3.3, upgrade the server to IBM UrbanCode Deploy 6.1.3.4.
Workarounds and Mitigations
None
Related
0.001 Low
EPSS
Percentile
35.5%